Scan information | |
Start time | 2024-03-15T10:17:46.280045+08:00 |
Start url | http://www.apeccbn.org/ |
Host | www.apeccbn.org |
Scan time | 3 minutes, 54 seconds |
Profile | Full Scan |
Server information | nginx |
Responsive | True |
Server OS | Unknown |
Server technologies | PHP |
Scan status | failed |
Application build | 15.2.221208162 |
One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.
Total alerts found | 9 |
High | 1 |
Medium | 2 |
Low | 4 |
Informational | 2 |
Classification | |
CVSS3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score: 5.3 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: Low |
CVSS2 | Base Score: 5.0 Access Vector: Network_accessible Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-298 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 7.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 4.3 Access Vector: Network_accessible Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CVE | CVE-2016-2183 |
CVE | CVE-2016-6329 |
CWE | CWE-310 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score: 6.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None |
CVSS2 | Base Score: 3.3 Access Vector: Local_access Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-310 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N Base Score: 0.0 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 0.0 Access Vector: Network_accessible Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-284 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N Base Score: 0.0 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 0.0 Access Vector: Network_accessible Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-1004 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score: 3.1 Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: Low Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 2.6 Access Vector: Network_accessible Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-614 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N Base Score: 0.0 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: None Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 0.0 Access Vector: Network_accessible Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-16 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N Base Score: 0.0 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: None Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 0.0 Access Vector: Network_accessible Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-1021 |
Affected items | Variation |
Web Server | 1 |
Classification | |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N Base Score: 0.0 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality Impact: None Integrity Impact: None Availability Impact: None |
CVSS2 | Base Score: 0.0 Access Vector: Network_accessible Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None Exploitability: Not_defined Remediation Level: Not_defined Report Confidence: Not_defined Availability Requirement: Not_defined Collateral Damage Potential: Not_defined Confidentiality Requirement: Not_defined Integrity Requirement: Not_defined Target Distribution: Not_defined |
CWE | CWE-1021 |
Affected items | Variation |
Web Server | 1 |
Severity | High |
Reported by module | /Scripts/PerServer/SSL_Audit.script |
One of the TLS/SSL certificates sent by your server has either expired or is not yet valid.
Most web browsers will present end-users with a security warning, asking them to manually confirm the authenticity of your certificate chain. Software or automated systems may silently refuse to connect to the server.
This alert is not necessarily caused by the server (leaf) certificate, but may have been triggered by an intermediate certificate. Please refer to the certificate serial number in the alert details to identify the affected certificate.
This SSL certificate is not valid.
Verify Start Date and/or End Dates of your SSL Certificate.
Web Server |
Details |
Request headers |
Severity | Medium |
Reported by module | /Scripts/PerServer/SSL_Audit.script |
The Sweet32 attack is an SSL/TLS vulnerability that allows attackers to compromise HTTPS connections using 64-bit block ciphers.
An attacker may intercept HTTPS connections between vulnerable clients and servers.
Reconfigure the affected SSL/TLS server to disable support for obsolete 64-bit block ciphers.
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
CVE-2016-2183
CVE-2016-6329
Web Server |
Details |
Cipher suites susceptible to Sweet32 attack (TLS1.2 on port 443): |
Request headers |
Severity | Medium |
Reported by module | /Scripts/PerServer/SSL_Audit.script |
The remote host supports TLS/SSL cipher suites with weak or insecure properties.
Reconfigure the affected application to avoid use of weak cipher suites.
OWASP: TLS Cipher String Cheat Sheet
OWASP: Transport Layer Protection Cheat Sheet
Mozilla: TLS Cipher Suite Recommendations
SSLlabs: SSL and TLS Deployment Best Practices
RFC 9155: Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2
Web Server |
Details |
Weak TLS/SSL Cipher Suites: (offered via TLS1.2 on port 443): |
Request headers |
Severity | Low |
Reported by module | /RPA/Cookie_Validator.js |
At least one of the following cookie properties causes the cookie to be invalid or incompatible with either a different property of the same cookie, or with the environment the cookie is being used in. Although this is not a vulnerability in itself, it will likely lead to unexpected behavior by the application, which in turn may cause secondary security issues.
Cookies will not be stored, or submitted, by web browsers.
Ensure that the cookies configuration complies with the applicable standards.
MDN | Set-Cookie
Securing cookies with cookie prefixes
Cookies: HTTP State Management Mechanism
SameSite Updates - The Chromium Projects
draft-west-first-party-cookies-07: Same-site Cookies
Web Server |
Verified vulnerability |
Details |
List of cookies with missing, inconsistent or contradictory properties:
Request headers |
GET / HTTP/1.1
Referer: https://www.apeccbn.org/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: www.apeccbn.org
Connection: Keep-alive
Severity | Low |
Reported by module | /RPA/Cookie_Without_HttpOnly.js |
One or more cookies don't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.
Cookies can be accessed by client-side scripts.
If possible, you should set the HttpOnly flag for these cookies.
Web Server |
Verified vulnerability |
Details |
Cookies without HttpOnly flag set:
Request headers |
GET / HTTP/1.1
Referer: https://www.apeccbn.org/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: www.apeccbn.org
Connection: Keep-alive
Severity | Low |
Reported by module | /RPA/Cookie_Without_Secure.js |
One or more cookies do not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be sent over secure SSL/TLS channels. This is an important security protection for session cookies.
Cookies could be sent over unencrypted channels.
If possible, you should set the Secure flag for these cookies.
Web Server |
Verified vulnerability |
Details |
Cookies without Secure flag set:
Request headers |
GET / HTTP/1.1
Referer: https://www.apeccbn.org/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: www.apeccbn.org
Connection: Keep-alive
Severity | Low |
Reported by module | /httpdata/HSTS_not_implemented.js |
HTTP Strict Transport Security (HSTS) tells a browser that a web site is only accessible using HTTPS. It was detected that your web application doesn't implement HTTP Strict Transport Security (HSTS), as the Strict-Transport-Security header is missing from the response.
HSTS can be used to prevent and/or mitigate some types of man-in-the-middle (MitM) attacks.
It's recommended to implement HTTP Strict Transport Security (HSTS) in your web application. Consult the web references for more information.
hstspreload.org
Strict-Transport-Security
Web Server |
Details |
URLs where HSTS is not enabled:
Request headers |
GET / HTTP/1.1
Referer: https://www.apeccbn.org/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: www.apeccbn.org
Connection: Keep-alive
Severity | Informational |
Reported by module | /httpdata/CSP_not_implemented.js |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header is a string containing the policy directives describing your Content Security Policy. To implement CSP, you should define lists of allowed origins for all of the types of resources that your site utilizes. For example, if you have a simple site that needs to load scripts, stylesheets, and images hosted locally, as well as the jQuery library from its CDN, the CSP header could look like the following:
Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com;
CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS attacks, attacks that require embedding a malicious resource, attacks that involve malicious use of iframes, such as clickjacking attacks, and others.
It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control resources the user agent is allowed to load for that page.
Content Security Policy (CSP)
Implementing Content Security Policy
Web Server |
Details |
Paths without CSP header:
Request headers |
GET / HTTP/1.1
Referer: https://www.apeccbn.org/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: www.apeccbn.org
Connection: Keep-alive
Severity | Informational |
Reported by module | /httpdata/permissions_policy.js |
The Permissions-Policy header allows developers to selectively enable and disable use of various browser features and APIs.
Permissions-Policy / Feature-Policy (MDN)
Permissions Policy (W3C)
Web Server |
Details |
Locations without Permissions-Policy header:
Request headers |
GET / HTTP/1.1
Referer: https://www.apeccbn.org/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Host: www.apeccbn.org
Connection: Keep-alive