• Status: Solved

Security vulnerabilities: 1) Trace and Track 2) weak SSL ciphers

I have the following 2 Nessus scan results which have been bugging us for a while
because when my colleague tried to fix them, it affected the web service.

Does anyone have any idea how to address them without affecting the service?

======================================

interwise (7778/tcp)

Synopsis :

Debugging functions are enabled on the remote web server.


Description :

The remote webserver supports the TRACE and/or TRACK methods. TRACE
and TRACK are HTTP methods which are used to debug web server
connections.

In addition, it has been shown that servers supporting the TRACE
method are subject to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with various weaknesses
in browsers. An attacker may use this flaw to trick your legitimate
web users to give him their credentials.


See Also :

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/867593


Solution:

Disable these methods.


Risk Factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

====================================================================

csd-mgmt-port (3071/tcp)

Synopsis :

The remote service supports the use of weak SSL ciphers.


Description :

The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.


See Also :

http://www.openssl.org/docs/apps/ciphers.html


Solution:

Reconfigure the affected application if possible to avoid use of weak
ciphers.


Risk Factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)


Plugin output :

Here is the list of weak SSL ciphers supported by the remote server :

Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Asked by: sunhux

blakogre Commented:
They're both going to affect the web service by nature of the issue, as they are web service vulnerabilities, so there is no way to remediate without affecting it.

With that said, what OS is it?

In Windows, this is a reg hack to disable the weak ciphers. This should not have a significant effect on the web service, as you're basically saying, don't negotiate SSL using these certain weak encryption ciphers -- typically, a good idea, right? You don't want that SSL negotiation to be hacked/decrypted by the bad guys.

Check out: http://www.curtis-lamasters.com/2008/06/21/windows-iis-ssl-restrict-weak-ciphers/

Trace and Track are usually only needed for debugging and don't affect the end user experience. I would suggest disabling these, and enabling only when troubleshooting.

sunhux (Author) Commented:

It's Windows 2003 Enterprise servers as well as Win 2003 Std Edition OS.

So both the Trace and Track as well as "weak ciphers" which I indicated above
are the same issue?

Is the solution for both indicated in the link below?
http://www.curtis-lamasters.com/2008/06/21/windows-iis-ssl-restrict-weak-ciphers/

blakogre Commented:
No, trace/track are slightly different. I've done a lot of Nessus scanning; these are common issues.

Check:
http://technet.microsoft.com/en-us/library/cc730944.aspx

urlscan can be used for track:
http://technet.microsoft.com/en-us/security/cc242650.aspx
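
A re-test for the TRACE/TRACK finding in the scan report above, added here as an example and not posted by any participant in this thread: it sends each method with a random marker header and reports the method as enabled only when the server answers 200 and reflects the marker back. The names `probe`, `retest`, `demo`, the `X-Retest-Marker` header and the local `EchoTraceHandler` server are all constructed for this example; point `retest` at your own host and port after applying the fix.

```python
import http.client
import threading
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(host, port, method, timeout=5.0):
    """Send `method /` with a random marker header; return (status, echoed)."""
    marker = uuid.uuid4().hex
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Retest-Marker": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        # Enabled only if the server answers 200 AND reflects the request back.
        return resp.status, resp.status == 200 and marker in body
    finally:
        conn.close()

def retest(host, port):
    """Map each debug method to ('ENABLED' | 'disabled' | 'error', detail)."""
    results = {}
    for method in ("TRACE", "TRACK"):
        try:
            status, echoed = probe(host, port, method)
            results[method] = ("ENABLED" if echoed else "disabled", status)
        except (OSError, http.client.HTTPException) as exc:
            results[method] = ("error", str(exc))
    return results

class EchoTraceHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an unfixed server: echoes TRACE, rejects TRACK."""
    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo():  # run retest() against the constructed local server on a free port
    server = HTTPServer(("127.0.0.1", 0), EchoTraceHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return retest("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()

if __name__ == "__main__":
    print(demo())
```

A fixed server should report `disabled` for both methods, typically with a 4xx or 5xx status in the detail field.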
