Vulnerability Scan Report: Attestation Of Compliance

Upload by : Rosa Marty
Transcription

Report Date: 2014-12-02
Vulnerability Scan Report: Attestation of Compliance

Scan Customer Information
Company Name: DUMBBELLS
Contact: joseph donzi
Title:
Telephone: 201-868-7001
E-mail: haymoose@aol.com
Business Address: 9243 KENNEDY BLVD
City: NORTH BERGEN
State/Province: New Jersey
ZIP/Postal Code: 07047
Country: US

Approved Scanning Vendor Information
Company Name: Trustwave
Contact: Trustwave 21
E-mail: support@trustwave.com
Business Address: 70 West Madison St., Ste 1050
City: Chicago
State/Province: IL
ZIP/Postal Code: 60602
Country: US

Scan Status
Scan Compliance Status: Fail
Number of unique components scanned that are in scope: 1
Number of identified failing vulnerabilities: 8
Number of components scanned by TrustKeeper but confirmed by the customer not to be in scope: 0
Date Scan Completed: 2014-12-02
Scan Expiration Date (3 months from Date Scan Completed): N/A

Scan Customer Attestation
DUMBBELLS attests that: This scan includes all components which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete.
DUMBBELLS also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of the PCI DSS; This scan does not represent DUMBBELLS's overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.
Signature / Printed Name / Title / Date

Approved Scanning Vendor Attestation
This scan and report were prepared and conducted by Trustwave under certificate number 3702-01-09 (2014), 3702-01-08 (2013), 3702-01-07 (2012), 3702-01-06 (2011), 3702-01-05 (2010), according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide.
Trustwave attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active interference. This report and any exceptions were reviewed by the Trustwave Quality Assurance Process.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and DUMBBELLS.
Copyright 2014 Trustwave, All Rights Reserved

Vulnerability Scan Report: Table of Contents

Attestation of Compliance
Table of Contents
Executive Summary
  Part 1. Scan Information
  Part 2. Component Compliance Summary
  Part 3a. Vulnerabilities Noted for Each IP Address
  Part 3b. Special Notes by IP Address
Vulnerability Details
  Part 1. Scan Information
  Part 2. Scan Inventory (Accessible Systems and Services)
  Part 3a. Previous Scan Targets (Not Scanned)
  Part 3b. Discovered Scan Targets (Not Scanned)
  Part 3c. Load Balancers
  Part 4. Vulnerabilities & Policy Violations
    23.229.184.1 (www.dumbbellshealthclub.com)
  Part 5a. Web Servers
  Part 5b. SSL Certificate Information
  Part 6. Disputed Vulnerabilities & Policy Violations
ASV Feedback Form

Vulnerability Scan Report: Executive Summary

Part 1. Scan Information
Scan Customer Company: DUMBBELLS
ASV Company: Trustwave
Scan Compliance Status: Fail
Date Scan Completed: 2014-12-02
Scan Expiration Date: N/A

Part 2. Component Compliance Summary
#: 1
Compliance Status: Fail
Name, Type, IP: shealthclub.com | Web Site | 23.229.184.1 | Domain Name | 0073157
Total Findings: 0073157
Total PCI Vulnerabilities: 00701

* Note: This location did not respond to probes from the TrustKeeper scanners. For physical locations this is good, since the location is protected and hidden from the Internet. For websites, it could mean the web site is not available, or the domain name is misspelled.

Part 3a. Vulnerabilities Noted for Each IP Address

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing condition.
Unencrypted Communication Channel Accessibility | Medium | 6.20 | Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing )
Unencrypted Communication Channel Accessibility | Medium | 6.20 | Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing m)
Unencrypted Communication Channel Accessibility | Medium | 6.20 | Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing m)
Unencrypted Communication Channel Accessibility | Medium | 6.20 | Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Unencrypted communication channels violate Requirement 4 of the PCI DSS and are considered an automatic failing m)
HTTP Server Username Probing, CVE-2001-1013 | Medium | 5.00 | Fail
# IP Address Vulnerabilities .com) Unencrypted Communication Channel .com) 3

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
DB Accessibility | Info | 0.00 | Fail
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database. Open access to databases violates PCI DSS and is considered an automatic failing )
OpenSSH Resources Exhaustion Bug via GSSAPI, CVE-2011-5000 | Low | 3.50 | Pass
Note to scan customer: This vulnerability is purely a denial-of-service vulnerability and it is not considered a failing condition under the PCI club.com)
SSL Weak Encryption Algorithms | Low | 1.80 | Pass
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
SSL Anonymous Diffie-Hellman Ciphers | Low | 1.80 | Pass
Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
TCP Timestamp Options Enabled | Info | 0.00 | Pass
FTP Server Supports AUTH TLS (STARTTLS) | Info | 0.00 | Pass
SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass
# IP Address Vulnerabilities .com) 23.229.184.1 (www.dumbbellshealthclub.com) Web Application Transmits Login Credentials Without Encryption 910811121314

Info CVSS Score 0.00 Compliance Status Pass
SSL Certificate is Not Trusted | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
SSLv3 Supported, CVE-2014-3566 | Info | 0.00 | Pass
Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass
# IP Address Vulnerabilities (www.dumbbellshealthclub.com) SSL Certificate is 920

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

NVD CVSS Score: 4.30
Note to scan customer: The NVD entry for CVE-2014-3566 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

b.com) SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass
NVD CVSS Score:
d Applications | Info | 0.00 | Pass
SSHv2 Cipher Enumeration | Info | 0.00 | Pass
Enumerated Applications | Info | 0.00 | Pass
TCP Timestamp Options Enabled | Info | 0.00 | Pass
SMTP Service Supports the STARTTLS Command | Info | 0.00 | Pass
SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass
222324252627

Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# Vulnerabilities m)
SSL Certificate is Not Trusted | Info | 0.00 | Pass
Wildcard SSL Certificate Detected | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
SSLv3 Supported, b.com)
Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass
IP Address | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability
club.com) 282930313233

NVD CVSS Score: 4.30
Note to scan customer: The NVD entry for CVE-2014-3566 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server

itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

34 | 23.229.184.1 (www.dumbbellshealthclub.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass
NVD CVSS Score:
club.com) Enumerated Applications | Info | 0.00 | Pass
No X-FRAME-OPTIONS Header | Info | 0.00 | Pass
Operating System Potentially Determined via Apache Requests | Info | 0.00 | Pass
Discovered Web Directories | Info | 0.00 | Pass
Web Server Hosting Potentially Copyrighted Material | Info | 0.00 | Pass
3536373839

Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

Info CVSS Score 0.00 Compliance Status Pass
POP3 Service Supports the STARTTLS Command | Info | 0.00 | Pass
SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass
SSL Certificate is Not Trusted | Info | 0.00 | Pass
Wildcard SSL Certificate Detected | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass
# IP Address Vulnerabilities red HTTP Methods 41424344454647

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server

itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

48 | 23.229.184.1 (www.dumbbellshealthclub.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass
NVD CVSS Score:
club.com) Enumerated Applications | Info | 0.00 | Pass
IMAP Service Supports the STARTTLS Command | Info | 0.00 | Pass
SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass
SSL Certificate is Not Trusted | Info | 0.00 | Pass
Wildcard SSL Certificate Detected | Info | 0.00 | Pass
4950515253

Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

ated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, shealthclub.com)
SSL Vulnerable to CBC Attacks, lub.com)
23.229.184.1 (www.
Enumerated Applications | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
# IP Address Vulnerabilities 229.184.1 (www.dumbbellshealthclub.com) SSL Perfect Forward Secrecy Supported 5556575859

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
0.00 | Pass

NVD CVSS Score: 4.30
Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# 6061626364 | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status

Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, shealthclub.com)
SSL Vulnerable to CBC Attacks, numerated Applications | Info | 0.00 | Pass
No X-FRAME-OPTIONS Header | Info | 0.00 | Pass
IP althclub.com)

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
0.00 | Pass

NVD CVSS Score: 4.30
Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

Info CVSS Score 0.00 Compliance Status Pass
SSL Certificate is Not Trusted | Info | 0.00 | Pass
Wildcard SSL Certificate Detected | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
SSLv3 Supported, CVE-2014-3566 | Info | 0.00 | Pass
Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, CVE-2013-2566 | Info | 0.00 | Pass
# IP Address Vulnerabilities bellshealthclub.com) SSL Certificate Common Name Does Not 71

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

NVD CVSS Score: 4.30
Note to scan customer: The NVD entry for CVE-2014-3566 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the

vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

72 | 23.229.184.1 (www.dumbbellshealthclub.com) | SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info | 0.00 | Pass
NVD CVSS Score:
SMTP Service Supports the STARTTLS Command | Info | 0.00 | Pass
SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass
SSL Certificate is Not Trusted | Info | 0.00 | Pass
Wildcard SSL Certificate Detected | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
7374757677

Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

com) SSLv3 Supported, CVE-2014-3566 | Info | 0.00 | Pass
NVD CVSS Score:
9.184.1 (www.dumbbellshealthclub.com) Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, shealthclub.com)
SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info
IP Address club.com) 78798081

Note to scan customer: The NVD entry for CVE-2014-3566 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
0.00 | Pass

NVD CVSS Score: 4.30
Note to scan customer: The NVD entry for CVE-2011-3389 specifies a CVSSv2 vector of AV:N/AC:M/Au:N/C:P/I:N/A:N, with a base score of 4.3. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.

# IP Address Vulnerabilities 9.184.1 (www.dumbbellshealthclub.com)
SSL Certificate Common Name Does Not Validate | Info | 0.00 | Pass
SSL Certificate is Not Trusted | Info | 0.00 | Pass
Wildcard SSL Certificate Detected | Info | 0.00 | Pass
SSL Perfect Forward Secrecy Supported | Info | 0.00 | Pass
Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass
SSL RC4-based Ciphers Supported, shealth
SSL Vulnerable to CBC Attacks, CVE-2011-3389 | Info
838485868788

Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability

NVD CVSS Score: 2.60
Note to scan customer: The NVD entry for CVE-2013-2566 specifies a CVSSv2 vector of AV:N/AC:H/Au:N/C:P/I:N/A:N, with a base score of 2.6. Trustwave's assessment of the vulnerability differs since the flaw lies in the way web browsers communicate with this server and not in the server itself. As such, Trustwave uses a CVSSv2 vector of AV:N/AC:L/Au:N/C:N/I:N/A:N, with a base score of 0.0.
0.00 | Pass

Low 3.50 Pass Note to scan customer: This vulnerability is purely a denial-of-service vulnerability and it is not considered a failing condition under the PCI DSS. 10 23.229.184.1 (www. dumbbellshealth club.com) SSL Weak Encryption Algorithms Low 1.80 Pass Note to scan customer: This vulnerability is not recognized in the National Vulnerability .
