安全扫描报告

sureing
1 ℃
2020-02-14

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

安全扫描报告宿迁福彩该报告包含有重要的安全信息请妥善保管。创建时间：2016/11/23一、安全扫描概要说明....................................................................................................................................................31.1、安全扫描人员情况...................................................................................................................................................31.2、扫描范围...................................................................................................................................................................31.3、时间计划...................................................................................................................................................................3二、安全扫描情况说明....................................................................................................................................................32.1、总体情况...................................................................................................................................................................3三、安全扫描报告详情....................................................................................................................................................3一、安全扫描概要说明1.1、安全扫描人员情况扫描单位：京东云安全团队扫描人员：安全人员—聂遵育、项目管理、交付—张伟、倪远1.2、扫描范围利用扫描工具对宿迁彩票网（）IP地址（222.187.245.225）进行安全扫描。详情参考《安全扫描工作授权书》1.3、时间计划2016年11月23日18:00开始，具体扫描时间视情况进行微调。二、安全扫描情况说明2.1、总体情况风险级别：中风险高危漏洞：0个中危漏洞：1个低危漏洞：2个三、安全扫描报告详情Scanof:47:00Finishtime2016/11/2323:50:54ProfileDefaultServerinformationResponsiveTrueServerbanner(GETorPOST).-/-1inputsListofexternalhostsThesehostswerelinkedfromthiswebsitebuttheywerenotscannedbecausetheyarenotlistedinthelistofhostsallowed.(Configuration-ScanSettings-ScanningOptions-Listofhostsallowed).-go.microsoft.com2WebApplicationFirewalldetectedClassificationCVSSBaseScore:0.0-AccessVector:Network-AccessComplexity:Low-Authentication:None-ConfidentialityImpact:None-IntegrityImpact:None-AvailabilityImpact:NoneCWECWE-16AffecteditemsVaria-tionsWebServer1ASP.NETversiondisclosureClassificationCVSSBaseScore:0.0-AccessVector:Network-AccessComplexity:Low-Authentication:None-ConfidentialityImpact:None-IntegrityImpact:None-AvailabilityImpact:NoneCWECWE-200AffecteditemsVaria-tions/1Clickjacking:X-Frame-OptionsheadermissingClassificationCVSSBaseScore:6.8-AccessVector:Network-AccessComplexity:Medium-Authentication:None-ConfidentialityImpact:Partial-IntegrityImpact:Partial-AvailabilityImpact:PartialCWECWE-693AffecteditemsVaria-tionsWebServer1WebserverdefaultwelcomepageClassificationCVSSBaseScore:0.0-AccessVector:Network-AccessComplexity:Low-Authentication:None-ConfidentialityImpact:None-IntegrityImpact:None-AvailabilityImpact:NoneCWECWE-16AffecteditemsVaria-tionsWebServer1AlertdetailsWebApplicationFirewalldetectedSeverityMediumTypeConfigurationReportedbymoduleScripting(WAF_Detection.script)DescriptionThisserverisprotectedbyanIPS(IntrusionPreventionSystem),IDS(IntrusionDetectionSystem)oranWAF(WebApplicationFirewall).ImpactYoumayreceiveincorrect/incompleteresultswhenscanningaserverprotectedbyanIPS/IDS/WAF.Also,iftheWAFdetectsanumberofattackscomingfromthescanner,theIPaddresscanbeblockedafterafewattempts.RecommendationIfpossible,it'srecommendedtoscananinternal(development)versionofthewebapplica-tionwheretheWAFisnotactive.AffecteditemsWebServerDetailsDetectedWebKnightfromtheresponsestatuscode.RequestheadersHost:222.187.245.225Connection:Keep-aliveAccept-Encoding:gzip,deflateUser-Agent:Mozilla/5.0(WindowsNT6.1;WOW64)AppleWebKit/537.21(KHTML,likeGecko)Chrome/41.0.2228.0Safari/537.21Accept:*/*ASP.NETversiondisclosureSeverityLowTypeConfigurationReportedbymoduleScripting(ASP_NET_Error_Message.script)DescriptionTheHTTPresponsesreturnedbythiswebapplicationincludeanheadernamedX-AspNet-Version.ThevalueofthisheaderisusedbyVisualStudiotodeterminewhichver-sionofASP.NETisinuse.Itisnotnecessaryforproductionsitesandshouldbedisabled.ImpactTheHTTPheadermaydisclosesensitiveinformation.Thisinformationcanbeusedtolaunchfurtherattacks.RecommendationApplythefollowingchangestotheweb.configfiletopreventASP.NETversiondisclosure:System.WebhttpRuntimeenableVersionHeader=false//System.WebReferencesHttpRuntimeSection.EnableVersionHeaderPropertyAffecteditems/DetailsVersioninformationfound:2.0.50727RequestheadersGET/|~.aspxHTTP/1.1Host:222.187.245.225Connection:Keep-aliveAccept-Encoding:gzip,deflateUser-Agent:Mozilla/5.0(WindowsNT6.1;WOW64)AppleWebKit/537.21(KHTML,likeGecko)Chrome/41.0.2228.0Safari/537.21Accept:*/*Clickjacking:X-Frame-OptionsheadermissingSeverityLowTypeConfigurationReportedbymoduleScripting(Clickjacking_X_Frame_Options.script)DescriptionClickjacking(UserInterfaceredressattack,UIredressattack,UIredressing)isamalicioustechniqueoftrickingaWebuserintoclickingonsometh