PCI DSS none compliant

Hi, we've just had an internal security scan and EventLog Analyzer has been flagged with 2 high vulnerabilities which we need to know how to fix without breaking EventLog Analyzer. The first relates to the outdated web services being used and the second relates to the MySQL account being insecure. Please see the transcripts below:
Synopsis: The remote web server is obsolete.

Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
A lack of support implies that no new security patches are being released for it.

Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another server.

Risk Factor: High

CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin Output
Product                : Tomcat
Installed version      : 5.0.28
Supported versions     : 7.0.x / 6.0.x / 5.5.x
Additional information : http://wiki.apache.org/tomcat/TomcatVersions

Plugin Publication Date: 2008/10/21
Plugin Last Modification Date: 2011/08/08


Synopsis: The remote database server can be accessed without a password.

Description
It is possible to connect to the remote MySQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database.

Solution
Disable or set a password for the affected account.

See Also
http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html

Risk Factor: High

CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score
7.5 (CVSS2#E:H/RL:U/RC:ND)

Plugin Output
The 'root' account does not have a password.

Here is the list of databases on the remote server :
  - eventlog
  - mysql
  - test

CVE
CVE-2002-1809
CVE-2004-1532

BID
11704

Xref
OSVDB:380
OSVDB:16026

Vulnerability Publication Date: 2002/08/18
Plugin Publication Date: 2000/07/27
Plugin Last Modification Date: 2011/09/14

Public Exploit Available: True
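As an added example (not from the original post or from the product vendor), this is the remediation the second finding's Solution line asks for, written in the MySQL 5.0-era syntax that the scan's reference link documents. It assumes you run it as root over a local connection, that the password is a placeholder you replace, that the host values come from the first query's output, and that the application is then given the new credential wherever it stores its own database login, or it will stop connecting.

```sql
-- Added example: find, then close, the password-less logins the scan reported.

-- 1. Enumerate every account row that has no password (the scan found 'root').
--    On MySQL 5.0 the column is mysql.user.Password; it holds the hashed value.
SELECT User, Host FROM mysql.user WHERE Password = '';

-- 2. Set a password on each root@<host> row the query above listed.
--    'localhost' is assumed here; repeat for every other Host returned for 'root'.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('<REPLACE_WITH_STRONG_PASSWORD>');

-- 3. Anonymous accounts (empty User) also log in without a password.
--    Drop them only if step 1 listed a row with an empty User for that Host.
DROP USER ''@'localhost';

-- 4. The default 'test' schema is open to any account. The application's data is in
--    'eventlog' (assumption: nothing else on this server depends on 'test').
DROP DATABASE test;

-- 5. Reload the grant tables and re-check; the scan's check passes when this is empty.
FLUSH PRIVILEGES;
SELECT User, Host FROM mysql.user WHERE Password = '';
```

Run the first query once more after the application has been restarted with its updated credential, so the fix is confirmed against the live service and not just the grant tables.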