您好,欢迎访问三七文档
安全扫描报告宿迁福彩该报告包含有重要的安全信息请妥善保管。创建时间:2016/11/23一、安全扫描概要说明....................................................................................................................................................31.1、安全扫描人员情况...................................................................................................................................................31.2、扫描范围...................................................................................................................................................................31.3、时间计划...................................................................................................................................................................3二、安全扫描情况说明....................................................................................................................................................32.1、总体情况...................................................................................................................................................................3三、安全扫描报告详情....................................................................................................................................................3一、安全扫描概要说明1.1、安全扫描人员情况扫描单位:京东云安全团队扫描人员:安全人员—聂遵育、项目管理、交付—张伟、倪远1.2、扫描范围利用扫描工具对宿迁彩票网()IP地址(222.187.245.225)进行安全扫描。详情参考《安全扫描工作授权书》1.3、时间计划2016年11月23日18:00开始,具体扫描时间视情况进行微调。二、安全扫描情况说明2.1、总体情况风险级别:中风险高危漏洞:0个中危漏洞:1个低危漏洞:2个三、安全扫描报告详情Scanof:47:00Finishtime2016/11/2323:50:54ProfileDefaultServerinformationResponsiveTrueServerbanner(GETorPOST).-/-1inputsListofexternalhostsThesehostswerelinkedfromthiswebsitebuttheywerenotscannedbecausetheyarenotlistedinthelistofhostsallowed.(Configuration-ScanSettings-ScanningOptions-Listofhostsallowed).-go.microsoft.com2WebApplicationFirewalldetectedClassificationCVSSBaseScore:0.0-AccessVector:Network-AccessComplexity:Low-Authentication:None-ConfidentialityImpact:None-IntegrityImpact:None-AvailabilityImpact:NoneCWECWE-16AffecteditemsVaria-tionsWebServer1ASP.NETversiondisclosureClassificationCVSSBaseScore:0.0-AccessVector:Network-AccessComplexity:Low-Authentication:None-ConfidentialityImpact:None-IntegrityImpact:None-AvailabilityImpact:NoneCWECWE-200AffecteditemsVaria-tions/1Clickjacking:X-Frame-OptionsheadermissingClassificationCVSSBaseScore:6.8-AccessVector:Network-AccessComplexity:Medium-Authentication:None-ConfidentialityImpact:Partial-IntegrityImpact:Partial-AvailabilityImpact:PartialCWECWE-693AffecteditemsVaria-tionsWebServer1WebserverdefaultwelcomepageClassificationCVSSBaseScore:0.0-AccessVector:Network-AccessComplexity:Low-Authentication:None-ConfidentialityImpact:None-IntegrityImpact:None-AvailabilityImpact:NoneCWECWE-16AffecteditemsVaria-tionsWebServer1AlertdetailsWebApplicationFirewalldetectedSeverityMediumTypeConfigurationReportedbymoduleScripting(WAF_Detection.script)DescriptionThisserverisprotectedbyanIPS(IntrusionPreventionSystem),IDS(IntrusionDetectionSystem)oranWAF(WebApplicationFirewall).ImpactYoumayreceiveincorrect/incompleteresultswhenscanningaserverprotectedbyanIPS/IDS/WAF.Also,iftheWAFdetectsanumberofattackscomingfromthescanner,theIPaddresscanbeblockedafterafewattempts.RecommendationIfpossible,it'srecommendedtoscananinternal(development)versionofthewebapplica-tionwheretheWAFisnotactive.AffecteditemsWebServerDetailsDetectedWebKnightfromtheresponsestatuscode.RequestheadersHost:222.187.245.225Connection:Keep-aliveAccept-Encoding:gzip,deflateUser-Agent:Mozilla/5.0(WindowsNT6.1;WOW64)AppleWebKit/537.21(KHTML,likeGecko)Chrome/41.0.2228.0Safari/537.21Accept:*/*ASP.NETversiondisclosureSeverityLowTypeConfigurationReportedbymoduleScripting(ASP_NET_Error_Message.script)DescriptionTheHTTPresponsesreturnedbythiswebapplicationincludeanheadernamedX-AspNet-Version.ThevalueofthisheaderisusedbyVisualStudiotodeterminewhichver-sionofASP.NETisinuse.Itisnotnecessaryforproductionsitesandshouldbedisabled.ImpactTheHTTPheadermaydisclosesensitiveinformation.Thisinformationcanbeusedtolaunchfurtherattacks.RecommendationApplythefollowingchangestotheweb.configfiletopreventASP.NETversiondisclosure:System.WebhttpRuntimeenableVersionHeader=false//System.WebReferencesHttpRuntimeSection.EnableVersionHeaderPropertyAffecteditems/DetailsVersioninformationfound:2.0.50727RequestheadersGET/|~.aspxHTTP/1.1Host:222.187.245.225Connection:Keep-aliveAccept-Encoding:gzip,deflateUser-Agent:Mozilla/5.0(WindowsNT6.1;WOW64)AppleWebKit/537.21(KHTML,likeGecko)Chrome/41.0.2228.0Safari/537.21Accept:*/*Clickjacking:X-Frame-OptionsheadermissingSeverityLowTypeConfigurationReportedbymoduleScripting(Clickjacking_X_Frame_Options.script)DescriptionClickjacking(UserInterfaceredressattack,UIredressattack,UIredressing)isamalicioustechniqueoftrickingaWebuserintoclickingonsometh
本文标题:安全扫描报告
链接地址:https://www.777doc.com/doc-3748330 .html