
Acunetix Website Audit

5 October, 2015

Developer Report

Generated by Acunetix WVS Reporter (v9.5 Build 20140602)


Scan of http://dreamhack.es:80/
Scan details

Scan information
Start time 05/10/2015 18:38:36
Finish time 05/10/2015 18:44:26
Scan time 5 minutes, 50 seconds
Profile Default

Server information
Responsive True
Server banner Apache/2.2.15 (CentOS)
Server OS Unix
Server technologies PHP

Threat level
Acunetix Threat Level 2
One or more medium-severity type vulnerabilities have been discovered by the scanner.
You should investigate each of these vulnerabilities to ensure they will not escalate to
more severe problems.

Alerts distribution

Total alerts found 6


High 0
Medium 3
Low 3
Informational 0

Knowledge base
Top 10 response times
The files listed below had the slowest response times measured during the crawling process. The average response time
for this site was 462.64 ms. Slow resources are the natural targets of application-layer denial of service attacks, because
each request ties up a worker for longer.

1. /, response time 516 ms

GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test
Host: dreamhack.es
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
List of files with inputs
These files have at least one input (GET or POST).

- / - 1 input
Alerts summary

Apache httpd remote denial of service


Classification
CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
CWE: CWE-399 (Resource Management Errors)
CVE: CVE-2011-3192

Affected items      Variations
Web Server          1

PHP hangs on parsing particular strings as floating point number


Classification
CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
CWE: CWE-189 (Numeric Errors)
CVE: CVE-2010-4645

Affected items      Variations
Web Server          1

Slow HTTP Denial of Service Attack


Affected items      Variations
Web Server          1

Session Cookie without HttpOnly flag set


Classification
CVSS Base Score: 0.0 (AV:N/AC:L/Au:N/C:N/I:N/A:N)
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-16 (Configuration)

Affected items      Variations
/                   1



Session Cookie without Secure flag set
Classification
CVSS Base Score: 0.0 (AV:N/AC:L/Au:N/C:N/I:N/A:N)
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-16 (Configuration)

Affected items      Variations
/                   1

TRACE method is enabled


Classification
CVSS Base Score: 0.0 (AV:N/AC:L/Au:N/C:N/I:N/A:N)
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-16 (Configuration)

Affected items      Variations
Web Server          1



Alert details

Apache httpd remote denial of service

Severity Medium
Type Configuration
Reported by module Scripting (Version_Check.script)

Description
A denial of service vulnerability has been found in the way multiple overlapping byte ranges (Range and Request-Range
headers) are handled by the Apache HTTPD server:

http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild and active use of it has been observed. The attack can be carried out remotely,
and a modest number of requests is enough to cause very significant memory and CPU usage on the server.

This alert was generated using only banner information. It may be a false positive: distributions such as CentOS keep the
upstream version string (here 2.2.15) and backport security fixes, so the package changelog, not the banner, decides.
Affected Apache versions: 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.

Impact
Remote Denial of Service

Recommendation
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project
Web site, or to a distribution package that carries the backported fix.
References
CVE-2011-3192
Apache httpd Remote Denial of Service (memory exhaustion)
Apache HTTP Server 2.2.20 Released
Apache HTTPD Security ADVISORY
CVE-2011-3192

Affected items

Web Server
Details
Current version is : 2.2.15
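Added check (not part of the Acunetix report): a way to settle the banner-only alert above with a single small request. A handful of overlapping byte ranges is enough to tell an unpatched server (206 multipart/byteranges) from a patched or mitigated one (200 with the whole body); the attack tool the advisory refers to sends hundreds of ranges per request, which this probe deliberately never does. The hostname, path and range count are parameters chosen for the demonstration, and the response samples in the test are constructed.

```python
"""Non-destructive Range-header probe for the overlapping-range handling that
Apache httpd 2.2.20 changed (CVE-2011-3192). Added example, not report code."""
import socket


def build_range_request(host: str, path: str = "/", ranges: int = 5) -> bytes:
    # Every range "i-" runs to end of file, so all of them overlap each other.
    spec = ",".join(f"{i}-" for i in range(ranges))
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Range: bytes={spec}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def _parse_head(raw: bytes):
    """Return (status_code, {header-name-lowercase: value}) from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return code, headers


def classify_range_response(raw: bytes) -> str:
    code, headers = _parse_head(raw)
    ctype = headers.get("content-type", "").lower()
    if code == 206 and ctype.startswith("multipart/byteranges"):
        # The server honoured overlapping ranges: the behaviour the exploit abuses.
        return "likely vulnerable"
    if code == 200:
        # 2.2.20+ ignores overlapping or oversized Range headers and serves the
        # whole body; the usual 2.2.15 workaround (drop Range when it carries
        # more than a few ranges) produces the same 200, hence "or mitigated".
        return "likely patched or mitigated"
    return "inconclusive"


def probe(host: str, port: int = 80, path: str = "/", timeout: float = 10.0) -> str:
    """Send the probe and classify the answer. Reads at most 64 KiB: the status
    line and headers are all the classifier needs."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_range_request(host, path))
        raw = b""
        while len(raw) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    return classify_range_response(raw)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))   # python3 range_probe.py <host>
```

A "likely patched or mitigated" verdict on a 2.2.15 banner is the expected outcome on a CentOS host whose httpd package has received the vendor update; "likely vulnerable" is the result that turns this alert from a banner guess into a confirmed finding.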



PHP hangs on parsing particular strings as floating point number

Severity Medium
Type Configuration
Reported by module Scripting (Version_Check.script)

Description
This alert was generated using only banner information. It may be a false positive.

PHP hangs when converting the string '2.2250738585072011e-308' to a floating point number (the conversion loops
forever on 32-bit x87 builds), so any request parameter that the application converts to a float can stall a worker.

Affected PHP versions: 5.2.x before 5.2.17 and 5.3.x before 5.3.5

Impact
Denial of service attack

Recommendation
Upgrade PHP to 5.2.17 / 5.3.5 or later, or to a distribution package that carries the backported fix.
References
CVE-2010-4645
PHP Homepage
PHP Hangs On Numeric Value 2.2250738585072011e-308

Affected items

Web Server
Details
Current version is : PHP/5.3.3
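Added example (not part of the Acunetix report): the banner comparison behind both Version_Check alerts above, with the fixed-in versions taken from the advisories the report cites. It also states, in code, why the report flags both alerts as possible false positives: Red Hat and CentOS packages keep the upstream version string (2.2.15, 5.3.3) and backport the fix, so a matching banner is a reason to read the package changelog, never a verdict on its own. The X-Powered-By header value is assumed; the report only states the PHP version it observed.

```python
"""Banner-based version check for CVE-2011-3192 (Apache httpd) and
CVE-2010-4645 (PHP). Added example, not the scanner's own code."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_banner_version(banner: str, product: str) -> Optional[Version]:
    """'Apache/2.2.15 (CentOS)' -> (2, 2, 15). None if the product or its version
    is absent, e.g. an Apache configured with 'ServerTokens Prod' sends just 'Apache'."""
    match = re.search(rf"\b{re.escape(product)}/(\d+(?:\.\d+)+)", banner, re.IGNORECASE)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def apache_range_dos_suspected(version: Version) -> bool:
    """Version list from the report: 1.3.x, 2.0.x through 2.0.64 (2.0.65 was the
    first 2.0 release carrying the fix) and 2.2.x before 2.2.20."""
    branch = version[:2]
    if branch == (1, 3):
        return True
    if branch == (2, 0):
        return version < (2, 0, 65)
    if branch == (2, 2):
        return version < (2, 2, 20)
    return False


def php_float_hang_suspected(version: Version) -> bool:
    """CVE-2010-4645: 5.2.x before 5.2.17 and 5.3.x before 5.3.5."""
    branch = version[:2]
    if branch == (5, 2):
        return version < (5, 2, 17)
    if branch == (5, 3):
        return version < (5, 3, 5)
    return False


def banner_findings(server_header: str = "", powered_by_header: str = "") -> List[str]:
    """Reproduce the report's two alerts from the Server and X-Powered-By headers.
    Every finding is explicitly banner-only: distribution backports keep the old
    version string, so confirmation comes from the package changelog
    (rpm -q --changelog httpd | grep -i CVE-2011-3192) or from an active probe."""
    findings = []
    apache = parse_banner_version(server_header, "Apache")
    if apache and apache_range_dos_suspected(apache):
        findings.append("CVE-2011-3192 (banner only; confirm via Range probe or package changelog)")
    php = parse_banner_version(powered_by_header, "PHP")
    if php and php_float_hang_suspected(php):
        findings.append("CVE-2010-4645 (banner only; confirm via package changelog)")
    return findings


if __name__ == "__main__":
    # Banners as they appear in the report; the X-Powered-By form is assumed.
    for finding in banner_findings("Apache/2.2.15 (CentOS)", "PHP/5.3.3"):
        print(finding)
```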



Slow HTTP Denial of Service Attack

Severity Medium
Type Configuration
Reported by module Slow_HTTP_DOS

Description
Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be
completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is
very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources
busy, this creates a denial of service.

Impact
A single machine can take down another machine's web server with minimal bandwidth and with minimal side effects on
unrelated services and ports.
Recommendation
Bound the time a client may take to send a request: on Apache, mod_reqtimeout (RequestReadTimeout) limits the time and
minimum data rate for headers and body, and a lower Timeout value or a request-buffering reverse proxy in front of the
server reduces the exposure further. Consult the Web references below for details.
References
Protect Apache Against Slowloris Attack
Slowloris DOS Mitigation Guide
Slowloris HTTP DoS

Affected items

Web Server
Details
Time difference between connections: 10000 ms
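Added example (not part of the Acunetix report): the kind of check behind the "Time difference between connections: 10000 ms" detail. It opens one connection, sends an incomplete header block and waits; a server that is still holding the connection open after the hold time is reserving a worker for a client that has sent almost nothing, which is what Slowloris multiplies across hundreds of connections. A tiny local stand-in server lets the probe run offline in both a vulnerable mode (no header timeout) and a hardened mode (header timeout enforced). The stand-in server, the loopback addresses and the timeouts are assumptions for the demonstration; a single probe against a real host does not degrade it.

```python
"""Slow-header (Slowloris-style) probe plus a local stand-in server.
Added example, not the scanner's own code."""
import socket
import threading


def probe_slow_headers(host: str, port: int, hold_seconds: float) -> bool:
    """True if the server is still waiting for our headers after hold_seconds
    (the Slowloris condition); False if it answered or closed the connection,
    for example with 408 Request Timeout, before the hold expired."""
    partial = (
        f"GET / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: slow-probe\r\n"
    ).encode("ascii")                  # deliberately no terminating blank line
    with socket.create_connection((host, port), timeout=5.0) as sock:
        sock.sendall(partial)
        sock.settimeout(hold_seconds)
        try:
            sock.recv(1024)            # any reply or EOF means the server gave up on us
        except socket.timeout:
            return True                # silence: a worker is still parked on this socket
        except ConnectionResetError:
            return False
        return False


def serve_one(listener: socket.socket, header_timeout) -> None:
    """Stand-in server for one connection. header_timeout=None waits forever for
    the end of the headers (Apache without mod_reqtimeout); a number is the
    per-connection header read timeout a hardened server enforces."""
    conn, _ = listener.accept()
    conn.settimeout(header_timeout)
    buf = b""
    try:
        while b"\r\n\r\n" not in buf:
            chunk = conn.recv(1024)
            if not chunk:
                return                 # client went away
            buf += chunk
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
    except socket.timeout:
        conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nConnection: close\r\n\r\n")
    finally:
        conn.close()


def run_local_probe(header_timeout, hold_seconds: float) -> bool:
    """Start the stand-in server on a free loopback port and probe it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=serve_one, args=(listener, header_timeout), daemon=True)
    server.start()
    try:
        return probe_slow_headers("127.0.0.1", port, hold_seconds)
    finally:
        server.join(timeout=10)
        listener.close()


if __name__ == "__main__":
    verdict = {True: "vulnerable (connection kept open)", False: "hardened (connection dropped)"}
    print("no header timeout  ->", verdict[run_local_probe(None, 2.0)])
    print("1 s header timeout ->", verdict[run_local_probe(1.0, 2.0)])
```

Against Apache the hardened behaviour corresponds to mod_reqtimeout with something like RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500: the stand-in's header_timeout plays the role of the header clause. The probe only reports whether one connection is kept open; how many such connections it takes to exhaust the server depends on the MPM and its MaxClients setting.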



Session Cookie without HttpOnly flag set

Severity Low
Type Informational
Reported by module Crawler

Description
This cookie does not have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, the browser does not expose
it to client-side script (document.cookie), so a cross-site scripting bug cannot read it; the cookie is still sent with every
request to the server. This is an important security protection for session cookies.

Impact
None

Recommendation
If possible, you should set the HTTPOnly flag for this cookie.

Affected items

/
Details
Cookie name: "qtrans_cookie_test"
Cookie domain: "dreamhack.es"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test
Host: dreamhack.es
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*



Session Cookie without Secure flag set

Severity Low
Type Informational
Reported by module Crawler

Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, the browser only sends it over
HTTPS (TLS) connections, so it cannot be captured or injected on a plain HTTP hop. This is an important security protection
for session cookies, and it only takes effect once the site is served over HTTPS.

Impact
None

Recommendation
If possible, you should set the Secure flag for this cookie.

Affected items

/
Details
Cookie name: "qtrans_cookie_test"
Cookie domain: "dreamhack.es"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test
Host: dreamhack.es
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
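Added example (not part of the Acunetix report): the check behind the two cookie alerts, run over constructed Set-Cookie headers. The report shows only the Cookie request header for qtrans_cookie_test, so the Set-Cookie lines below are constructed for the demonstration and are not taken from the scanned site. Two caveats a reader of the report should have in mind: the cookie flagged here is qTranslate's language test cookie rather than a session token, which is why the two alerts carry no impact, and the site was scanned on port 80, where a Secure cookie would never be sent back at all. The check also goes slightly beyond the 2014-era scanner by reporting a missing SameSite attribute and the SameSite=None-without-Secure combination that browsers reject.

```python
"""Set-Cookie attribute audit (HttpOnly, Secure, SameSite).
Added example, not the scanner's own code."""
from typing import Dict, List, Tuple


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """'name=value; Path=/; HttpOnly' -> ('name', 'value', {'path': '/', 'httponly': ''}).
    Attribute names are case-insensitive, so they are lower-cased for lookup."""
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs: Dict[str, str] = {}
    for piece in pieces[1:]:
        key, _, val = piece.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str, served_over_https: bool) -> List[str]:
    """Return the findings for one Set-Cookie header, phrased like the report."""
    _, _, attrs = parse_set_cookie(header)
    findings: List[str] = []
    if "httponly" not in attrs:
        findings.append("without HttpOnly flag")
    if "secure" not in attrs:
        # Over plain HTTP a Secure cookie is never sent back to the server, so
        # the flag only becomes applicable once the site moves to HTTPS.
        suffix = "" if served_over_https else " (site served over HTTP)"
        findings.append("without Secure flag" + suffix)
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("without SameSite attribute")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure; browsers reject this cookie")
    return findings


def audit_response_cookies(set_cookie_headers: List[str], served_over_https: bool) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header of one response, keyed by cookie name."""
    return {parse_set_cookie(h)[0]: audit_set_cookie(h, served_over_https) for h in set_cookie_headers}


# Constructed sample: the qTranslate test cookie as the scanner saw it (no
# attributes beyond path and domain), next to a hardened session cookie.
SAMPLE_HEADERS = [
    "qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=dreamhack.es",
    "PHPSESSID=examplesessionid; Path=/; HttpOnly; Secure; SameSite=Lax",
]


if __name__ == "__main__":
    for name, findings in audit_response_cookies(SAMPLE_HEADERS, served_over_https=False).items():
        print(name, "->", findings or ["ok"])
```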



TRACE method is enabled

Severity Low
Type Validation
Reported by module Scripting (Track_Trace_Server_Methods.script)

Description
HTTP TRACE method is enabled on this web server. TRACE echoes the received request back to the client, so in the
presence of a cross-domain vulnerability in the browser (cross-site tracing, XST) header information could be read from
any domain that supports the HTTP TRACE method.

Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and
authentication data.
Recommendation
Disable the TRACE method on the web server (on Apache: TraceEnable off).
References
Cross-site tracing (XST)
US-CERT VU#867593
IETF RFC 2616 (HTTP/1.1), section 9.8: TRACE

Affected items

Web Server
Details
No details are available.
Request headers
TRACE /gBWMukdfI3 HTTP/1.1
Cookie: qtrans_cookie_test=qTranslate+Cookie+Test
Host: dreamhack.es
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
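Added example (not part of the Acunetix report): the TRACE check behind the last alert, split into a request builder and a response classifier so the classifier can be exercised offline on constructed responses. A server with TRACE enabled echoes the request back in a message/http body, so anything the client attached, such as cookies, comes back readable; Apache with TraceEnable off answers 405 Method Not Allowed. The probe path is arbitrary, as in the report's request, because TRACE is handled before any resource is looked up. One caveat on impact: current browsers refuse to issue TRACE from script (it is a forbidden method in the Fetch standard), so the XST scenario is largely historical, which is consistent with the Low severity; disabling the method is still the right call.

```python
"""TRACE / cross-site tracing probe. Added example, not the scanner's own code."""
import socket

MARKER = "X-Probe: xst-check"      # constructed header; its echo proves TRACE is on


def build_trace_request(host: str, path: str = "/") -> bytes:
    return (
        f"TRACE {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"{MARKER}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def classify_trace_response(raw: bytes) -> str:
    """Decide from status code and body whether the request came back to us."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    echoed = MARKER.encode("ascii") in body
    if code == 200 and echoed:
        return "TRACE enabled: request echoed"
    if code in (405, 501):
        return "TRACE disabled"
    # e.g. a front-end proxy that serves a normal page for any method
    return f"inconclusive: status {code}, echoed={echoed}"


def probe(host: str, port: int = 80, path: str = "/", timeout: float = 10.0) -> str:
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host, path))
        raw = b""
        while len(raw) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    return classify_trace_response(raw)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))   # python3 trace_probe.py <host>
```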



Scanned items (coverage report)
Scanned 1 URL. Found 1 vulnerable.
URL: http://dreamhack.es/
Vulnerabilities have been identified for this URL
1 input found for this URL
Inputs

Input scheme 1
Input name    Input type
Host          HTTP Header

