Scan Report Executive Summary
Part 1. Scan Information
Scan Customer Company:
SNS Hosting
ASV Company:
Sectigo Limited
Date scan was completed:
08-06-2019
Scan expiration date:
11-04-2019
Part 2. Component Compliance Summary
Component (IP Address, domain, etc.): c.snshost.com
Pass
Fail
Part 3a. Vulnerabilities Noted for each Component
ASV may choose to omit vulnerabilities that do not impact compliance from this section; however, failing vulnerabilities that have been changed to "pass" via exceptions or after remediation / rescan must always be listed.
Compliance
Exceptions, False Positives, or
Status
Compensating Controls
Severity
CVSS
Component
Vulnerabilities Noted per Component
level
Score
(Noted by the ASV for this vulnerability)
Pass
Fail
c.snshost.com
Web Application Sitemap 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Application Sitemap 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Application Sitemap 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Application Sitemap 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Server Allows Password Auto-Completion 2087
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Server Allows Password Auto-Completion 2083
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Server Directory Enumeration 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Server Directory Enumeration 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Server Directory Enumeration 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Additional DNS Hostnames 0 / tcp /
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Mailman Detection 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
CGI Generic Injectable Parameter 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
CGI Generic Injectable Parameter 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
CGI Generic Injectable Parameter 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Redirect
Low
0.0
The vulnerability is not included in the
Information 2095 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Redirect
Low
0.0
The vulnerability is not included in the
Information 2086 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Redirect
Low
0.0
The vulnerability is not included in the
Information 2082 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Redirect
Low
0.0
The vulnerability is not included in the
Information 2052 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Redirect
Low
0.0
The vulnerability is not included in the
Information 80 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
8880 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
8080 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
2095 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
2087 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
2086 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
2083 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
2082 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information
Low
0.0
The vulnerability is not included in the
2052 / tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information 443
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
HyperText Transfer Protocol (HTTP) Information 80 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Common Platform Enumeration (CPE) 0 / tcp /
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 8880 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 8443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 8080 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2095 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2086 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2082 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2053 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 2052 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Nessus SYN scanner 80 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL Cipher Suites Supported 2053 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL Cipher Suites Supported 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL Cipher Suites Supported 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL Cipher Suites Supported 8443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL Cipher Suites Supported 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL Cipher Suites Supported 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Application Potentially Sensitive CGI Parameter
Low
0.0
The vulnerability is not included in the
Detection 2087 / tcp / www
NVD
c.snshost.com
Web Application Potentially Sensitive CGI Parameter
Low
0.0
The vulnerability is not included in the
Detection 2083 / tcp / www
NVD
c.snshost.com
Web Application Potentially Sensitive CGI Parameter
Low
0.0
The vulnerability is not included in the
Detection 443 / tcp / www
NVD
c.snshost.com
Web Server No 404 Error Code Check 8080 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2083 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2096 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2087 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2095 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2086 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2082 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 2052 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Server No 404 Error Code Check 80 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP X-Frame-Options Response Header Usage
Low
0.0
The vulnerability is not included in the
2096 / tcp / www
NVD
c.snshost.com
HTTP X-Frame-Options Response Header Usage
Low
0.0
The vulnerability is not included in the
2087 / tcp / www
NVD
c.snshost.com
HTTP X-Frame-Options Response Header Usage
Low
0.0
The vulnerability is not included in the
2083 / tcp / www
NVD
c.snshost.com
HTTP X-Frame-Options Response Header Usage
Low
0.0
The vulnerability is not included in the
443 / tcp / www
NVD
c.snshost.com
HTTP Methods Allowed (per directory) 443 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
HTTP Methods Allowed (per directory) 80 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
JQuery Detection 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP X-Content-Security-Policy Response Header
Low
0.0
The vulnerability is not included in the
Usage 2096 / tcp / www
NVD
c.snshost.com
HTTP X-Content-Security-Policy Response Header
Low
0.0
The vulnerability is not included in the
Usage 2087 / tcp / www
NVD
c.snshost.com
HTTP X-Content-Security-Policy Response Header
Low
0.0
The vulnerability is not included in the
Usage 2083 / tcp / www
NVD
c.snshost.com
HTTP X-Content-Security-Policy Response Header
Low
0.0
The vulnerability is not included in the
Usage 443 / tcp / www
NVD
c.snshost.com
Web Application Cookies Are Expired 2087 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 2082 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 2052 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 2095 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 2086 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 8080 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 80 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Application Cookies Are Expired 2096 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 2083 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 443 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Web Application Cookies Are Expired 8880 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
CGI Generic Tests Load Estimation (all tests) 2087 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
CGI Generic Tests Load Estimation (all tests) 2083 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
CGI Generic Tests Load Estimation (all tests) 443 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Server robots.txt Information Disclosure 2083 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Server robots.txt Information Disclosure 2087 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Strict Transport Security (STS) Detection 2083 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Strict Transport Security (STS) Detection 443 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
Strict Transport Security (STS) Detection 2087 / tcp /
Low
0.0
The vulnerability is not included in the
www
NVD
c.snshost.com
SSL Cipher Block Chaining Cipher Suites Supported
Low
0.0
The vulnerability is not included in the
2053 / tcp / www
NVD
c.snshost.com
SSL Cipher Block Chaining Cipher Suites Supported
Low
0.0
The vulnerability is not included in the
2096 / tcp / www
NVD
c.snshost.com
SSL Cipher Block Chaining Cipher Suites Supported
Low
0.0
The vulnerability is not included in the
2083 / tcp / www
NVD
c.snshost.com
SSL Cipher Block Chaining Cipher Suites Supported
Low
0.0
The vulnerability is not included in the
8443 / tcp / www
NVD
c.snshost.com
SSL Cipher Block Chaining Cipher Suites Supported
Low
0.0
The vulnerability is not included in the
443 / tcp / www
NVD
c.snshost.com
SSL Cipher Block Chaining Cipher Suites Supported
Low
0.0
The vulnerability is not included in the
2087 / tcp / www
NVD
c.snshost.com
SSL Perfect Forward Secrecy Cipher Suites
Low
0.0
The vulnerability is not included in the
Supported 2053 / tcp / www
NVD
c.snshost.com
SSL Perfect Forward Secrecy Cipher Suites
Low
0.0
The vulnerability is not included in the
Supported 2096 / tcp / www
NVD
c.snshost.com
SSL Perfect Forward Secrecy Cipher Suites
Low
0.0
The vulnerability is not included in the
Supported 2083 / tcp / www
NVD
c.snshost.com
SSL Perfect Forward Secrecy Cipher Suites
Low
0.0
The vulnerability is not included in the
Supported 8443 / tcp / www
NVD
c.snshost.com
SSL Perfect Forward Secrecy Cipher Suites
Low
0.0
The vulnerability is not included in the
Supported 443 / tcp / www
NVD
c.snshost.com
SSL Perfect Forward Secrecy Cipher Suites
Low
0.0
The vulnerability is not included in the
Supported 2087 / tcp / www
NVD
c.snshost.com
CGI Generic Tests HTTP Errors 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2087
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2082
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2052
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2095
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2086
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 8080
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 80 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2096
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 2083
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 443 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked HttpOnly 8880
Low
0.0
The vulnerability is not included in the
/ tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2087 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2082 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2052 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2095 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2086 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 8080 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 80 / tcp
Low
0.0
The vulnerability is not included in the
/ www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2096 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 2083 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 443 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
Web Application Cookies Not Marked Secure 8880 /
Low
0.0
The vulnerability is not included in the
tcp / www
NVD
c.snshost.com
SSL / TLS Versions Supported 2053 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL / TLS Versions Supported 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL / TLS Versions Supported 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL / TLS Versions Supported 8443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL / TLS Versions Supported 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
SSL / TLS Versions Supported 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2082 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2052 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2095 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2086 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 8080 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 80 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
HTTP Server Type and Version 8880 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2082 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2052 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2095 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2086 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 8080 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 80 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 8880 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2053 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 8443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2053 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2096 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2083 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 8443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 2087 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
c.snshost.com
Service Detection 443 / tcp / www
Low
0.0
The vulnerability is not included in the
NVD
Consolidated Solution/Correction Plan for above IP address:
Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.
If you want to test them, re-scan using the special vhost syntax, such as:
www.example.com[192.0.32.10]
Analyze the redirect(s) to verify that this is valid operation for your web server and/or application.
Protect your target with an IP filter.
Ensure sensitive data is not disclosed by CGI parameters. In addition, do not use CGI parameters to control access to resources or privileges.
Set a properly configured X-Frame-Options header for all requested resources.
Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If needed, set an expiration date in the future so the cookie will persist or remove the Expires cookie attribute altogether to convert the cookie to a session cookie.
Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit
access to sensitive material.
Rescan with a longer network timeout or less parallelism, for example by changing the following options in the scan policy:
- Network -> Network Receive Timeout (check_read_timeout)
- Options -> Number of hosts in parallel (max_hosts)
- Options -> Number of checks in parallel (max_checks)
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If possible, add the 'HttpOnly' attribute to all session cookies and any cookies containing sensitive data.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.
If possible, ensure all communication occurs over an encrypted channel and add the 'secure' attribute to all session cookies or any cookies containing sensitive data.
Part 3b. Special Notes by Component
Component
Special Note
Item Noted
Scan customer's description of action taken and declaration that software is either implemented securely or removed
Part 3c. Special notes -- Full Text
Note
Part 4a. Scope Submitted by Scan Customer for Discovery
IP Addresses/ranges/subnets, domains, URLs, etc.
DOMAIN:c.snshost.com
Part 4b. Scan Customer Designated “In-Scope” Components (Scanned)
IP Addresses/ranges/subnets, domains, URLs, etc.
c.snshost.com
Part 4c. Scan Customer Designated “Out-of-Scope” Components (Not Scanned)
Requires description for each IP Address/range/subnet, domain, URL
104.31.84.213
104.31.85.213
198.251.81.225
s6.asurahosting.com
www.c.snshost.com