
Report Date: 2017-07-31

Vulnerability Scan Report: Attestation of Compliance


Scan Customer Information
Company Name: Learning Strategies Corporation
Contact: Jason Rust
Title:
Telephone: 952-767-9800
E-mail: SystemsDepartment@LearningStrategies.com
Business Address: 2000 Plymouth Rd Suite 300
City: Minnetonka
State/Province: Minnesota
ZIP/Postal Code: 55305
Country: US

Approved Scanning Vendor Information
Company Name: Trustwave Holdings, Inc.
Contact: Trustwave Support
URL: www.trustwave.com
Telephone: 1-800-363-1621
E-mail: support@trustwave.com
Business Address: 70 West Madison St., Ste 1050
City: Chicago
State/Province: IL
ZIP/Postal Code: 60602
Country: US

Scan Status

Scan Compliance Status: Fail
Number of unique components scanned that are in scope: 5
Number of identified failing vulnerabilities: 2
Number of components scanned by TrustKeeper but confirmed by the customer not to be in scope: 1
Date Scan Completed: 2017-07-28
Scan Expiration Date (3 months from Date Scan Completed): N/A

Scan Customer Attestation

Learning Strategies Corporation attests that: This scan includes all components which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. Learning Strategies Corporation also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of the PCI DSS; this scan does not represent Learning Strategies Corporation's overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.

Signature:
Printed Name:
Title:
Date:

Approved Scanning Vendor Attestation

This scan and report were prepared and conducted by Trustwave under certificate number 3702-01-11 (2016), 3702-01-10 (2015), 3702-01-09 (2014), 3702-01-08 (2013), 3702-01-07 (2012), 3702-01-06 (2011), 3702-01-05 (2010), according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide.

Trustwave attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active interference. This report and any exceptions were reviewed by the Trustwave Quality Assurance Process.

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and Learning Strategies Corporation. Copyright 2017 Trustwave Holdings, Inc., All rights reserved.
Page 1 of 110

Vulnerability Scan Report: Table of Contents

Attestation of Compliance 1

Executive Summary 3

Part 1. Scan Information 3

Part 2. Component Compliance Summary 3

Part 3a. Vulnerabilities Noted for Each IP Address 4

Part 3b. Special Notes by IP Address 11

Vulnerability Details 12

Part 1. Scan Information 12

Part 2. Scan Inventory (Accessible Systems and Services) 12

Part 3a. Previous Scan Targets (Not Scanned) 13

Part 3b. Discovered Scan Targets (Not Scanned) 13

Part 3c. Load Balancers 15

Part 4. Vulnerability & Policy Violations 16

137.66.32.44 (www.photoreading.com) 16

137.66.32.45 (www.learningstrategies.com) 31

137.66.32.46 (www.jeddahmali.com) 69

137.66.32.48 (www.sedona.com) 77

Part 5a. Web Servers 108

Part 5b. SSL Certificate Information 109

Part 6. Disputed Vulnerability & Policy Violations 110


Vulnerability Scan Report: Executive Summary

Part 1. Scan Information

Scan Customer Company: Learning Strategies Corporation

ASV Company: Trustwave Holdings, Inc.

Scan Compliance Status: Fail

Date Scan Completed: 2017-07-28

Scan Expiration Date: N/A

Part 2. Component Compliance Summary

# | Compliance Status | Name | Type | IP Address | Source | Critical | High | Medium | Low | Info
1 | Pass | 70.57.156.206 (Office2 Century Link) | Physical | 70.57.156.206 | IP Address | The location passed because it is hidden from our scanners*
2 | Pass | 50.244.197.17 (Office1 Comcast) | Physical | 50.244.197.17 | IP Address | 0 | 0 | 0 | 0 | 0
3 | Pass | www.photoreading.com | Web Site | 137.66.32.44 | Domain Name | 0 | 0 | 0 | 2 | 21
4 | Fail | www.learningstrategies.com | Web Site | 137.66.32.45 | Domain Name | 0 | 0 | 1 | 5 | 36
5 | Not In Scope | www.jeddahmali.com | Web Site | 137.66.32.46 | Domain Name | 0 | 0 | 0 | 2 | 9
6 | Fail | www.sedona.com | Web Site | 137.66.32.48 | Domain Name | 0 | 0 | 1 | 6 | 30


Total Findings: Critical 0 | High 0 | Medium 2 | Low 15 | Info 96
Total PCI Vulnerabilities: Critical 0 | High 0 | Medium 2 | Low 0 | Info 0

* Note: This target did not respond to probes from the TrustKeeper scanners. For some targets, such as firewalls, this is good, since the target is protected and hidden from
the Internet. For websites, it could mean the web site is not available, or the domain name is misspelled. It is also possible that these targets are internal IP addresses that
cannot be tested by Trustwave's Internet scanners.

Part 3a. Vulnerabilities Noted for Each IP Address

# | IP Address | Vulnerabilities Noted | Severity | CVSS Score | Compliance Status | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability
1 | 137.66.32.44 (www.photoreading.com) | No X-FRAME-OPTIONS Header | Low | 2.60 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
2 | 137.66.32.44 (www.photoreading.com) | Discovered HTTP Methods | Info | 0.00 | Pass |
3 | 137.66.32.44 (www.photoreading.com) | Discovered Web Applications | Info | 0.00 | Pass |
4 | 137.66.32.44 (www.photoreading.com) | Discovered Web Directories | Info | 0.00 | Pass |
5 | 137.66.32.44 (www.photoreading.com) | Enumerated Applications | Info | 0.00 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
6 | 137.66.32.44 (www.photoreading.com) | Enumerated Hostnames | Info | 0.00 | Pass |
7 | 137.66.32.44 (www.photoreading.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass |
8 | 137.66.32.44 (www.photoreading.com) | Information Disclosure via sitemap.xml | Info | 0.00 | Pass |
9 | 137.66.32.44 (www.photoreading.com) | Non-HttpOnly Session Cookies Identified | Info | 0.00 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
10 | 137.66.32.44 (www.photoreading.com) | URLScan Detected | Info | 0.00 | Pass |

Consolidated Solution/Correction Plan for the above IP Address:

Configure the HTTP service(s) running on this host to adhere to information security best practices.
Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
Ensure that any web applications running on this host are configured following industry security best practices.
Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.

11 | 137.66.32.45 (www.learningstrategies.com) | Reflected Cross-Site Scripting Vulnerability | Medium | 4.30 | Fail | Note to scan customer: A cross-site scripting vulnerability violates PCI DSS and is considered an automatic failing condition. This vulnerability is not recognized in the National Vulnerability Database.
12 | 137.66.32.45 (www.learningstrategies.com) | No X-FRAME-OPTIONS Header | Low | 2.60 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
13 | 137.66.32.45 (www.learningstrategies.com) | Auto-Completion Enabled for Password Fields | Low | 1.20 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
14 | 137.66.32.45 (www.learningstrategies.com) | Discovered HTTP Methods | Info | 0.00 | Pass |
15 | 137.66.32.45 (www.learningstrategies.com) | Discovered Web Applications | Info | 0.00 | Pass |
16 | 137.66.32.45 (www.learningstrategies.com) | Discovered Web Directories | Info | 0.00 | Pass |
17 | 137.66.32.45 (www.learningstrategies.com) | Enumerated Applications | Info | 0.00 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
18 | 137.66.32.45 (www.learningstrategies.com) | Enumerated Hostnames | Info | 0.00 | Pass |
19 | 137.66.32.45 (www.learningstrategies.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass |
20 | 137.66.32.45 (www.learningstrategies.com) | HTTP Responses Missing Character Encoding | Info | 0.00 | Pass |
21 | 137.66.32.45 (www.learningstrategies.com) | Information Disclosure via robots.txt | Info | 0.00 | Pass |
22 | 137.66.32.45 (www.learningstrategies.com) | Non-HttpOnly Session Cookies Identified | Info | 0.00 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
23 | 137.66.32.45 (www.learningstrategies.com) | Non-Secure Session Cookies Identified | Info | 0.00 | Pass |
24 | 137.66.32.45 (www.learningstrategies.com) | URLScan Detected | Info | 0.00 | Pass |
25 | 137.66.32.45 (www.learningstrategies.com) | Web Application Potentially Sensitive CGI Parameter Detection | Info | 0.00 | Pass |
26 | 137.66.32.45 (www.learningstrategies.com) | Wildcard SSL Certificate Detected | Info | 0.00 | Pass |

Consolidated Solution/Correction Plan for the above IP Address:

Configure the HTTP service(s) running on this host to adhere to information security best practices.
Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
Ensure that any web applications running on this host are configured following industry security best practices.
Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.

27 | 137.66.32.46 (www.jeddahmali.com) | No X-FRAME-OPTIONS Header | Low | 2.60 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
28 | 137.66.32.46 (www.jeddahmali.com) | Discovered Web Applications | Info | 0.00 | Out of Scope |
29 | 137.66.32.46 (www.jeddahmali.com) | Enumerated Applications | Info | 0.00 | Out of Scope | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
30 | 137.66.32.46 (www.jeddahmali.com) | Enumerated Hostnames | Info | 0.00 | Out of Scope |
31 | 137.66.32.46 (www.jeddahmali.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Out of Scope |
32 | 137.66.32.46 (www.jeddahmali.com) | SSL Certificate Common Name Does Not Validate | Info | 0.00 | Out of Scope |
33 | 137.66.32.46 (www.jeddahmali.com) | SSL Certificate is Not Trusted | Info | 0.00 | Out of Scope |
34 | 137.66.32.46 (www.jeddahmali.com) | URLScan Detected | Info | 0.00 | Out of Scope |

Consolidated Solution/Correction Plan for the above IP Address:

Configure the SSL service(s) running on this host to adhere to information security best practices.
Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.

35 | 137.66.32.48 (www.sedona.com) | Reflected Cross-Site Scripting Vulnerability | Medium | 4.30 | Fail | Note to scan customer: A cross-site scripting vulnerability violates PCI DSS and is considered an automatic failing condition. This vulnerability is not recognized in the National Vulnerability Database.
36 | 137.66.32.48 (www.sedona.com) | No X-FRAME-OPTIONS Header | Low | 2.60 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
37 | 137.66.32.48 (www.sedona.com) | Auto-Completion Enabled for Password Fields | Low | 1.20 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
38 | 137.66.32.48 (www.sedona.com) | Discovered HTTP Methods | Info | 0.00 | Pass |
39 | 137.66.32.48 (www.sedona.com) | Discovered Web Applications | Info | 0.00 | Pass |
40 | 137.66.32.48 (www.sedona.com) | Discovered Web Directories | Info | 0.00 | Pass |
41 | 137.66.32.48 (www.sedona.com) | Enumerated Applications | Info | 0.00 | Pass | Note to scan customer: This vulnerability is not recognized in the National Vulnerability Database.
42 | 137.66.32.48 (www.sedona.com) | Enumerated Hostnames | Info | 0.00 | Pass |
43 | 137.66.32.48 (www.sedona.com) | Enumerated SSL/TLS Cipher Suites | Info | 0.00 | Pass |
44 | 137.66.32.48 (www.sedona.com) | HTTP Responses Missing Character Encoding | Info | 0.00 | Pass |
45 | 137.66.32.48 (www.sedona.com) | Information Disclosure via robots.txt | Info | 0.00 | Pass |
46 | 137.66.32.48 (www.sedona.com) | Non-Secure Session Cookies Identified | Info | 0.00 | Pass |
47 | 137.66.32.48 (www.sedona.com) | URLScan Detected | Info | 0.00 | Pass |
48 | 137.66.32.48 (www.sedona.com) | Web Application Potentially Sensitive CGI Parameter Detection | Info | 0.00 | Pass |

Consolidated Solution/Correction Plan for the above IP Address:

Configure the HTTP service(s) running on this host to adhere to information security best practices.
Restrict access to any files, applications, and/or network services for which there is no business requirement to be publicly accessible.
Ensure that any web applications running on this host are configured following industry security best practices.
Ensure that any web applications running on this host properly validate and transmit user input in a secure manner.

Part 3b. Special Notes by IP Address

# | IP Address | Note | Item Noted (remote access software, POS software, etc.) | Scan customer's declaration that software is implemented securely (see next column if not implemented securely) | Scan customer's description of actions taken to either: 1) remove the software or 2) implement security controls to secure the software

No Special Notes


Vulnerability Scan Report: Vulnerability Details

Part 1. Scan Information

Scan Customer Company: Learning Strategies Corporation
ASV Company: Trustwave Holdings, Inc.
Date Scan Completed: 2017-07-28
Scan Expiration Date: N/A

Part 2. Scan Inventory (Accessible Systems and Services)

The following systems and network services were detected during this scan. This information is provided for reference only. Please refer to "Part 4. Vulnerabilities & Policy
Violations" for all PCI compliance-related issues.

Reading Your Scan Inventory


The vulnerability scan reveals Internet-accessible computers and network services available on your network. The following systems (e.g., computers, servers, routers, etc.)
and network services (e.g., Web and mail servers) were discovered during the vulnerability scan. As a general rule, all unnecessary network services should be disabled, and
all other services should be protected by a firewall or similar device. Only those services which must be available to the public should be visible from the Internet.

Names - A system may be known by many names. For example, a server that offers Web and mail services may be known as both www.mycompany.com and
mail.mycompany.com. This report includes as many names as could be identified, including public domain names, Windows domain/workgroups, Windows name, and
the "real" name assigned in your DNS server.
Ping - One technique TrustKeeper uses is to try to "ping" systems in your network. It is generally considered to be good practice to block inbound pings as it can give
attackers information about your network. However, this decision may be affected by network monitoring needs and other considerations.
Service Information - A large number of services (e.g., TCP and UDP ports) are probed during the scan. Any that appear to be active on the device are listed in the table.
You should review this list to ensure that only those services you intend to offer to the public are accessible. All other internal services should be protected by your
firewall or similar device.

# | Device | Names | OS | Ping | Port | Protocol | Application | Detail
1 | 137.66.32.46 (www.jeddahmali.com) | | Microsoft Windows Windows_Server_2012 | false | tcp/80 | http | microsoft:iis | Microsoft-IIS/8.0
  | | | | | tcp/443 | http | | Microsoft-HTTPAPI/2.0
  All other scanned ports were filtered.
2 | 137.66.32.44 (www.photoreading.com) | | Microsoft Windows Windows_Server_2012 | false | tcp/80 | http | microsoft:iis | Microsoft-IIS/8.0
  | | | | | tcp/443 | http | microsoft:iis | Microsoft-IIS/8.0
  All other scanned ports were filtered.
3 | 137.66.32.48 (www.sedona.com) | | Microsoft Windows Windows_Server_2012 | false | tcp/80 | http | microsoft:iis | Microsoft-IIS/8.0
  | | | | | tcp/443 | http | microsoft:iis | Microsoft-IIS/8.0
  All other scanned ports were filtered.
4 | 137.66.32.45 (www.learningstrategies.com) | learningstrategies.com | Microsoft Windows Windows_Server_2012 | false | tcp/80 | http | microsoft:iis | Microsoft-IIS/8.0
  | | | | | tcp/443 | http | microsoft:iis | Microsoft-IIS/8.0
  All other scanned ports were filtered.
5 | 50.244.197.17 (Office1 Comcast) | Mail1.learningstrategies.com | | false | | | |

Part 3a. Previous Scan Targets (Not Scanned)

The following locations were removed from your scan setup at your request and have not been included in this scan. You confirmed that these locations or domain names
do not store, process, or transmit cardholder data and are therefore not required to be scanned for PCI DSS compliance.

# | Name | Type | IP Address | Date Removed
1 | www.happyfornoreason.com | Web Site | | 2017-03-20


Part 3b. Discovered Scan Targets (Not Scanned)

The following systems were discovered to be related to your network during this scan. TrustKeeper only scans those systems which are explicitly identified by you; however,
the following systems were identified using reconnaissance techniques based on the information you provided. While not scanned for this assessment, you should be aware
that an attacker could identify the same information.

Please review this information and update your TrustKeeper Scan Setup if any of the following systems are relevant to the assessment being performed. In many cases,
some of these systems will not be relevant to the assessment. Common examples include domain name servers (DNS) and mail servers maintained by your ISP. The
scanner may also identify internal systems that are not directly accessible from the Internet.

# IP Address Domain Name Comments

1 68.178.213.203 smtp.secureserver.net Discovered hosts using second-level domain name(s): jeddahmali.com

2 68.178.213.244 mailstore1.secureserver.net Discovered hosts using second-level domain name(s): jeddahmali.com

3 72.167.238.29 smtp.secureserver.net Discovered hosts using second-level domain name(s): photoreading.com

4 72.167.238.32 mailstore1.secureserver.net Discovered hosts using second-level domain name(s): photoreading.com

5 74.125.202.26 aspmx.l.google.com Discovered hosts using second-level domain name(s): sedona.com

6 173.194.68.26 alt1.aspmx.l.google.com Discovered hosts using second-level domain name(s): sedona.com

7 173.194.68.26 aspmx2.googlemail.com Discovered hosts using second-level domain name(s): sedona.com

8 173.194.211.26 alt2.aspmx.l.google.com Discovered hosts using second-level domain name(s): sedona.com

9 173.194.212.26 aspmx3.googlemail.com Discovered hosts using second-level domain name(s): sedona.com

10 207.204.21.129 ns58.worldnic.com Discovered hosts using second-level domain name(s): sedona.com

11 207.204.40.129 ns57.worldnic.com Discovered hosts using second-level domain name(s): sedona.com

12 208.109.255.26 ns52.domaincontrol.com Discovered hosts using second-level domain name(s): jeddahmali.com

13 208.109.255.26 ns52.domaincontrol.com Discovered hosts using second-level domain name(s): photoreading.com

14 208.109.255.29 ns58.domaincontrol.com Discovered hosts using second-level domain name(s): learningstrategies.com


15 216.32.180.10 learningstrategies-com.mail.protection.outlook.com Discovered hosts using second-level domain name(s): learningstrategies.com

16 216.69.185.26 ns51.domaincontrol.com Discovered hosts using second-level domain name(s): jeddahmali.com

17 216.69.185.26 ns51.domaincontrol.com Discovered hosts using second-level domain name(s): photoreading.com

18 216.69.185.29 ns57.domaincontrol.com Discovered hosts using second-level domain name(s): learningstrategies.com

Part 3c. Load Balancers

If you are using load balancers in your network to spread traffic across multiple servers, it is your responsibility to ensure that the configuration of the environment
behind your load balancers is synchronized, or to ensure that the environment is scanned as part of the internal vulnerability scans required by PCI DSS.


Part 4. Vulnerability & Policy Violations

The following issues were identified during this scan. Please review all items and address every item that affects compliance or the security of your system.

In the tables below you can find the following information about each TrustKeeper finding.

CVE Number - The Common Vulnerabilities and Exposure number(s) for the detected vulnerability - an industry standard for cataloging vulnerabilities. A comprehensive
list of CVEs can be found at nvd.nist.gov or cve.mitre.org.
Vulnerability - This describes the name of the finding, which usually includes the name of the application or operating system that is vulnerable.

CVSS Score - The Common Vulnerability Scoring System is an open framework for communicating the characteristics and impacts of IT vulnerabilities. Further
information can be found at www.first.org/cvss or nvd.nist.gov/cvss.cfm.
Severity - This identifies the risk of the vulnerability. It is closely associated with the CVSS score.

Compliance Status - Findings that are PCI compliance violations are indicated with a Fail status. In order to pass a vulnerability scan, these findings must be addressed.
Most findings with a CVSS score of 4 or more, or a Severity of Medium or higher, will have a Fail status. Some exceptions exist, such as DoS vulnerabilities, which are
not included in PCI compliance.
Details - TrustKeeper provides the port on which the vulnerability is detected, details about the vulnerability, links to available patches and other specific guidance on
actions you can take to address each vulnerability.

For more information on how to read this section and the scoring methodology used, please refer to the appendix.

137.66.32.44 (www.photoreading.com)
CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status

1 No X-FRAME-OPTIONS 2.60 Low Pass Port: tcp/80


Header
This host does not appear to utilize the benefits that the X-FRAME-
OPTIONS HTTP header element offers. This header may be
implemented to prevent pages on this system from being used in part
of a click-jacking scenario. The X-FRAME-OPTIONS header specifies
what systems (if any) are allowed to refer to pages on this system
(when the page is to appear within a HTML frame type of object).

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure. Copyright 2017 Trustwave Holdings, Inc., All rights reserved.
Dissemination, distribution or copying of this document or the information herein is prohibited without prior permission of Trustwave and
Page 16 of 110
Learning Strategies Corporation.
Report Date: 2017-07-31

Vulnerability Scan Report: Vulnerability Details

137.66.32.44 (www.photoreading.com)
CVSS Compliance
# CVE Number Vulnerability Severity Details
Score Status
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Consider utilizing the X-FRAME-OPTIONS header option to prevent click-
jacking type of attacks.

2 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/443

This host does not appear to set the X-FRAME-OPTIONS HTTP response header. The header tells a browser whether the page may be rendered inside a frame, iframe or object element on another site (DENY, or SAMEORIGIN to allow framing only by the same origin), and so prevents pages on this system from being embedded in a click-jacking attack, in which an attacker overlays an invisible framed page on a decoy and tricks the user into clicking controls on it.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Send an X-FRAME-OPTIONS header with the value DENY or SAMEORIGIN on every response to prevent click-jacking attacks. On IIS the header can be added site-wide under system.webServer/httpProtocol/customHeaders in web.config; the Content-Security-Policy frame-ancestors directive is the standardised successor and can be sent alongside it.

3 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

4 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

5 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: unknown

Remediation:
No remediation is required.

6 Discovered Web Applications 0.00 Info Pass Port: tcp/80

The following web applications were discovered on the remote HTTP server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Remediation:
No remediation is required.

7 URLScan Detected 0.00 Info Pass Port: tcp/80

The web server appears to be using Microsoft's URLScan tool, an ISAPI filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

8 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: 2.0.50727

Remediation:
No remediation is required.

9 Discovered HTTP Methods 0.00 Info Pass Port: tcp/80

An OPTIONS request to this host returns the HTTP methods its web server reports as supported. Note that in some cases the server does not report this information accurately, so the list should be confirmed by issuing each method directly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.photoreading.com/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only the HTTP methods required for your business operations are enabled. TRACE appears in the list above and is rarely needed in production; on IIS it can be blocked with a Request Filtering verb rule, or through the [DenyVerbs] section of urlscan.ini on the URLScan installation reported in finding 7.

10 Discovered Web Directories 0.00 Info Pass Port: tcp/80

It was possible to guess one or more directories contained in the publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.photoreading.com:80/bak/
HTTP Response Code: 403
URL: http://www.photoreading.com:80/css/
URL: http://www.photoreading.com:80/images/
URL: http://www.photoreading.com:80/inc/
URL: http://www.photoreading.com:80/scripts/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

11 Non-HttpOnly Session Cookies Identified 0.00 Info Pass Port: tcp/80

The web application on this server sets a session cookie without the HttpOnly flag. Without it, script running in the page can read the cookie through document.cookie, so a cross-site scripting flaw anywhere on the site would let an attacker steal the session identifier and hijack the session. With HttpOnly set, the browser still sends the cookie with requests but withholds it from script.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
https://www.owasp.org/index.php/HttpOnly

Evidence:
URL: http://www.photoreading.com/
Cookie Name: ASPSESSIONIDAQRQCSSR
Cookie Value: IOJDFADBGELONIMAAFFEINKK
Cookie HttpOnly Flag: false

Remediation:
Contact the vendor of this web application and request that the HttpOnly flag be set on session cookies. The cookie name prefix ASPSESSIONID identifies this as the session cookie issued by classic ASP, which exposes no setting to mark it HttpOnly; a common workaround on IIS is an outbound URL Rewrite rule that appends "; HttpOnly" to any Set-Cookie header lacking the flag.
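The three header-level findings in this host section (the missing X-FRAME-OPTIONS header in findings 1 and 2, TRACE in the advertised method list in finding 9, and the session cookie without HttpOnly in finding 11) can all be verified from a single raw response, before and after a fix. The following Python script is an added example and is not part of the Trustwave report or its scanner. The two sample responses are constructed here (the cookie name and value are invented placeholders, not the scanner's capture), and the set of cookie-name patterns treated as session cookies is an assumption to be extended for the application under review.

```python
import re
from typing import List, Tuple

Header = Tuple[str, str]

# Cookie names treated as session identifiers (assumption for this example;
# extend the pattern for the application under review).
SESSION_COOKIE_RE = re.compile(
    r"(ASPSESSIONID|ASP\.NET_SessionId|PHPSESSID|JSESSIONID)", re.I)


def parse_response(raw: bytes) -> Tuple[int, List[Header]]:
    """Split a raw HTTP/1.x response into (status code, ordered header list).
    Headers are kept as a list, not a dict, because Set-Cookie may repeat."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: List[Header] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookie_name_and_attrs(set_cookie: str) -> Tuple[str, set]:
    """'NAME=value; path=/; HttpOnly' -> ('NAME', {'path', 'httponly'})."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit(raw: bytes) -> List[str]:
    """Return finding strings for one response: framing protection first,
    then per-header checks in the order the headers appear."""
    _status, headers = parse_response(raw)
    findings: List[str] = []
    names = {n for n, _ in headers}
    has_csp_frame = any(n == "content-security-policy" and "frame-ancestors" in v.lower()
                        for n, v in headers)
    if "x-frame-options" not in names and not has_csp_frame:
        findings.append("No X-FRAME-OPTIONS header (and no CSP frame-ancestors)")
    for n, v in headers:
        if n == "set-cookie":
            cname, attrs = cookie_name_and_attrs(v)
            if SESSION_COOKIE_RE.search(cname) and "httponly" not in attrs:
                findings.append(f"Session cookie {cname} set without HttpOnly")
        elif n == "allow":
            methods = {m.strip().upper() for m in v.split(",")}
            if "TRACE" in methods:
                findings.append("TRACE advertised in Allow: " + ", ".join(sorted(methods)))
    return findings


# Constructed sample OPTIONS responses (not the scanner's captures); the cookie
# value is a placeholder.
BEFORE = (b"HTTP/1.1 200 OK\r\n"
          b"Server: Microsoft-IIS/8.0\r\n"
          b"Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
          b"Set-Cookie: ASPSESSIONIDEXAMPLE1=AAAAAAAAAAAAAAAAAAAAAAAA; path=/\r\n"
          b"Content-Length: 0\r\n\r\n")
AFTER = (b"HTTP/1.1 200 OK\r\n"
         b"Server: Microsoft-IIS/8.0\r\n"
         b"X-Frame-Options: SAMEORIGIN\r\n"
         b"Allow: OPTIONS, GET, HEAD, POST\r\n"
         b"Set-Cookie: ASPSESSIONIDEXAMPLE1=AAAAAAAAAAAAAAAAAAAAAAAA; path=/; HttpOnly\r\n"
         b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or ["clean"])
```

Run it against a response captured with curl -i -X OPTIONS to reproduce findings 1, 9 and 11 offline; the CSP frame-ancestors check is there because a site that already sends it has equivalent framing protection even without X-FRAME-OPTIONS.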

12 Information Disclosure via sitemap.xml 0.00 Info Pass Port: tcp/80

Some web sites publish a sitemap.xml file so that search engines and other indexing tools crawl their pages more frequently and more efficiently. By requesting sitemap.xml, an attacker gains the same overview of the site. Although the file is meant to list only content intended for indexing, it can reveal files and directories an attacker would not otherwise find by crawling the server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.sitemaps.org/

Evidence:
sitemap.xml URL: http://www.photoreading.com/sitemap.xml

Remediation:
If a sitemap.xml file is necessary, entries in it should be kept to a
minimum.

13 Enumerated SSL/TLS Cipher Suites 0.00 Info Pass Port: tcp/443

This finding reports the cipher suites offered for each SSL/TLS protocol version provided by the remote service. It does not represent a vulnerability; it is only meant to provide visibility into the behaviour and configuration of the remote SSL/TLS service. The information includes the protocol version (e.g. TLSv1) and the OpenSSL name of the cipher suite (e.g. RC4-SHA).

A cipher suite is the set of cryptographic algorithms that provide authentication, key exchange, encryption and message authentication (MAC) during the SSL/TLS handshake and for the lifetime of the session. It is typical for a service to support multiple cipher suites, and one cipher suite can be supported across several SSL/TLS versions, so it should be of no concern to see the same cipher name reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA

Remediation:
No remediation is necessary for compliance. Note, however, that the enumerated list contains no suite combining ephemeral key exchange (ECDHE) with an AEAD cipher (AES-GCM): the two GCM suites use static RSA key exchange, and every ECDHE suite uses CBC mode with HMAC, so no client can negotiate both forward secrecy and authenticated encryption against this service.
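As an added example, not part of the original report, the following Python script parses the evidence list above and classifies each suite by key exchange (ephemeral ECDHE/DHE versus static RSA) and by cipher construction (AEAD versus CBC with HMAC), which is the view a practitioner needs to read this finding. The suite-name grammar assumed is OpenSSL's, as used in the evidence; the 14 lines embedded in the script are copied from the evidence, not captured anew.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# The 14 suites enumerated in finding 13, copied from the evidence above.
ENUMERATED = """
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA
"""

LINE_RE = re.compile(r"Cipher Suite:\s*(\S+)\s*:\s*(\S+)")
EPHEMERAL_KEX = ("ECDHE", "DHE")
AEAD_TOKENS = ("GCM", "CCM", "CHACHA20")


@dataclass(frozen=True)
class Suite:
    version: str          # protocol version as reported, e.g. TLSv1_2
    name: str             # OpenSSL cipher name as reported
    forward_secret: bool  # ephemeral (EC)DHE key exchange
    aead: bool            # GCM/CCM/ChaCha20 rather than CBC + HMAC
    mac: str              # HMAC hash for CBC suites, "AEAD" otherwise


def classify(version: str, name: str) -> Suite:
    """Classify one OpenSSL-style suite name. OpenSSL omits the key-exchange
    prefix for static RSA suites (AES128-SHA), so no prefix means no forward
    secrecy. For CBC suites the trailing token is the HMAC hash, where a bare
    "SHA" means SHA-1; for AEAD suites it is the TLS 1.2 PRF hash, not a MAC."""
    tokens = name.split("-")
    forward_secret = tokens[0] in EPHEMERAL_KEX
    aead = any(t in AEAD_TOKENS for t in tokens)
    mac = "AEAD" if aead else {"SHA": "SHA1"}.get(tokens[-1], tokens[-1])
    return Suite(version, name, forward_secret, aead, mac)


def parse_evidence(text: str) -> List[Suite]:
    """Turn the scanner's 'Cipher Suite: <version> : <name>' lines into Suites."""
    return [classify(v, n) for v, n in LINE_RE.findall(text)]


def summarize(suites: List[Suite]) -> Dict[str, int]:
    """The counts a reviewer wants: how many suites offer forward secrecy, how
    many are AEAD, how many offer both, and how many still rely on HMAC-SHA1."""
    return {
        "total": len(suites),
        "forward_secret": sum(s.forward_secret for s in suites),
        "aead": sum(s.aead for s in suites),
        "forward_secret_and_aead": sum(s.forward_secret and s.aead for s in suites),
        "sha1_mac": sum(s.mac == "SHA1" for s in suites),
    }


if __name__ == "__main__":
    suites = parse_evidence(ENUMERATED)
    for s in suites:
        print(f"{s.version:8} {s.name:28} FS={str(s.forward_secret):5} "
              f"AEAD={str(s.aead):5} MAC={s.mac}")
    print(summarize(suites))
```

The summary for this evidence shows 6 forward-secret suites, 2 AEAD suites and none that are both, which is the gap noted in the remediation text above; paste any other scanner's cipher list into ENUMERATED to get the same breakdown.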

14 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

15 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

16 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: unknown

Remediation:
No remediation is required.

17 Discovered Web Applications 0.00 Info Pass Port: tcp/443

The following web applications were discovered on the remote HTTP server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Remediation:
No remediation is required.

18 URLScan Detected 0.00 Info Pass Port: tcp/443

The web server appears to be using Microsoft's URLScan tool, an ISAPI filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

19 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: 2.0.50727

Remediation:
No remediation is required.

20 Discovered HTTP Methods 0.00 Info Pass Port: tcp/443

An OPTIONS request to this host returns the HTTP methods its web server reports as supported. Note that in some cases the server does not report this information accurately, so the list should be confirmed by issuing each method directly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://www.photoreading.com/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only the HTTP methods required for your business operations are enabled. TRACE appears in the list above and is rarely needed in production; on IIS it can be blocked with a Request Filtering verb rule, or through the [DenyVerbs] section of urlscan.ini on the URLScan installation reported in finding 18.

21 Discovered Web Directories 0.00 Info Pass Port: tcp/443

It was possible to guess one or more directories contained in the publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://www.photoreading.com:443/bak/
HTTP Response Code: 403
URL: https://www.photoreading.com:443/css/
URL: https://www.photoreading.com:443/images/
URL: https://www.photoreading.com:443/inc/
URL: https://www.photoreading.com:443/scripts/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

22 Information Disclosure via sitemap.xml 0.00 Info Pass Port: tcp/443

Some web sites publish a sitemap.xml file so that search engines and other indexing tools crawl their pages more frequently and more efficiently. By requesting sitemap.xml, an attacker gains the same overview of the site. Although the file is meant to list only content intended for indexing, it can reveal files and directories an attacker would not otherwise find by crawling the server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.sitemaps.org/

Evidence:
sitemap.xml URL: https://www.photoreading.com/sitemap.xml

Remediation:
If a sitemap.xml file is necessary, entries in it should be kept to a
minimum.

23 Enumerated Hostnames 0.00 Info Pass

This list contains all hostnames discovered during the scan that are believed to belong to this host.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Hostname: www.photoreading.com, Source: SSL Certificate Subject Common Name
Hostname: www.photoreading.com, Source: SSL Certificate subjectAltName DNS
Hostname: photoreading.com, Source: SSL Certificate subjectAltName DNS

Remediation:
No action is required.

137.66.32.45 (www.learningstrategies.com)
# CVE Number Vulnerability CVSS Score Severity Compliance Status Details

1 Reflected Cross-Site Scripting Vulnerability 4.30 Medium Fail Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web application. Reflected cross-site scripting occurs when HTML or JavaScript supplied in a user-controlled parameter is echoed (reflected) back in the response and rendered or executed by the victim's browser.

This web site responded to a harmless web request that included JavaScript/HTML which was reflected back unmodified, indicating that the underlying web application may be vulnerable to use in a cross-site scripting (XSS) attack. While this vulnerability does not compromise the web server itself, an attacker can use it to target end users, for example by luring them to a crafted link, and potentially take over their sessions or steal other sensitive information.

A simple proof of concept is to supply "<script>alert('123')</script>" in a user-controlled parameter; on submission a message box pops up for the user, because the user-supplied content was used verbatim to build the responding page.

Cross-site scripting occurs in many forms and combinations, so the full request and response used to demonstrate this vulnerability are provided below as evidence.

All cross-site scripting vulnerabilities are considered non-compliant by PCI, regardless of their CVSS score.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
URL: https://www.learningstrategies.com/Register.aspx
Parameter: r

Request:
GET /Register.aspx?r=<script>alert('TK0000009D')</script> HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: www.learningstrategies.com
Content-Type: text/html
Content-Length: 0

Response:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=1ovithyvllqfu5zqimbado1g; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 28 Jul 2017 17:03:05 GMT
Content-Length: 59547

Reflected in response body: <script>alert('TK0000009D')</script>

Remediation:
Before accepting any user-supplied data, the application should validate its format and reject any characters that are not explicitly allowed (an allow-list); the list should be as restrictive as possible. Before using any data, stored or user-supplied, to generate web page content, the application should encode it for the context in which it is emitted (HTML body, attribute, JavaScript string or URL), at minimum escaping all non-alphanumeric characters. This output encoding is particularly important when the original source of the data is beyond the application's control: even if that source performs no input validation, output encoding still prevents XSS. In this case the affected input is the r parameter of Register.aspx.

Please note that the listing of XSS vulnerabilities is not exhaustive, and other XSS vulnerabilities may exist in the application.
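As an added example, not code from the Trustwave report or from the learningstrategies.com application, the following Python models the reflected parameter r on Register.aspx and contrasts the reported behaviour with the two remediation layers described above (allow-list input validation, then contextual output encoding), together with the scanner-style marker check that decides whether a reflection is still exploitable. The page template, the allow-list pattern for r, and the use of Python rather than ASP.NET are assumptions made for the example.

```python
import html
import re
from typing import Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for Register.aspx; the real page is ASP.NET and is not
# reproduced. Only the reflection of the query parameter r is modelled.
TEMPLATE = "<html><body><p>Referral: {r}</p></body></html>"
PROBE = "<script>alert('TK0000009D')</script>"  # the marker the scan reflected

# Assumed allow-list for r (the evidence elsewhere shows values like r=l); the
# application's real set of legal values is not stated in the report.
REFERRAL_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def param_r(url: str) -> str:
    """First value of the r query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get("r", [""])[0]


def encode_for_html(value: str) -> str:
    """Output encoding for an HTML text or attribute context: & < > " ' become
    entity references, so the value cannot close the surrounding element."""
    return html.escape(value, quote=True)


def render_vulnerable(url: str) -> Tuple[int, str]:
    """Reflects r verbatim into the HTML: the behaviour the finding reports."""
    return 200, TEMPLATE.format(r=param_r(url))


def render_hardened(url: str) -> Tuple[int, str]:
    """Both remediation layers: reject values outside the allow-list (input
    validation), then encode whatever is emitted (output encoding) so a value
    that slips past validation still cannot break out of the text node."""
    r = param_r(url)
    if not REFERRAL_RE.fullmatch(r):
        return 400, "<html><body><p>Invalid referral code.</p></body></html>"
    return 200, TEMPLATE.format(r=encode_for_html(r))


def reflects_unescaped(body: str, marker: str = PROBE) -> bool:
    """Scanner-style check: the probe appears byte-for-byte in the response.
    An encoded reflection (&lt;script&gt;...) is not a hit."""
    return marker in body


if __name__ == "__main__":
    url = "https://www.learningstrategies.com/Register.aspx?r=" + PROBE
    for name, handler in (("vulnerable", render_vulnerable),
                          ("hardened", render_hardened)):
        status, body = handler(url)
        print(f"{name:10} HTTP {status}  reflects probe: {reflects_unescaped(body)}")
```

The unique marker (TK0000009D in the evidence) is what lets a scanner tell a real reflection from page content that happens to contain the word "script"; the hardened handler shows why output encoding belongs in the page even when validation exists, since encoding alone would already stop the probe from executing.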

2 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/80

This host does not appear to set the X-FRAME-OPTIONS HTTP response header. The header tells a browser whether the page may be rendered inside a frame, iframe or object element on another site (DENY, or SAMEORIGIN to allow framing only by the same origin), and so prevents pages on this system from being embedded in a click-jacking attack, in which an attacker overlays an invisible framed page on a decoy and tricks the user into clicking controls on it.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Send an X-FRAME-OPTIONS header with the value DENY or SAMEORIGIN on every response to prevent click-jacking attacks. On IIS the header can be added site-wide under system.webServer/httpProtocol/customHeaders in web.config; the Content-Security-Policy frame-ancestors directive is the standardised successor and can be sent alongside it.

3 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/443

This host does not appear to set the X-FRAME-OPTIONS HTTP response header. The header tells a browser whether the page may be rendered inside a frame, iframe or object element on another site (DENY, or SAMEORIGIN to allow framing only by the same origin), and so prevents pages on this system from being embedded in a click-jacking attack, in which an attacker overlays an invisible framed page on a decoy and tricks the user into clicking controls on it.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Send an X-FRAME-OPTIONS header with the value DENY or SAMEORIGIN on every response to prevent click-jacking attacks. On IIS the header can be added site-wide under system.webServer/httpProtocol/customHeaders in web.config; the Content-Security-Policy frame-ancestors directive is the standardised successor and can be sent alongside it.

4 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow auto-completion by users' browsers. This could allow a user's credentials to be stored by the browser and subsequently exposed if the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.learningstrategies.com/iFrames/Register.aspx?Return=account&T=636368388791736626&r=l
Form Name: (no name)
Action: https://www.learningstrategies.com/iFrames/Register.aspx?Return=account&T=636368388791736626&r=l
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing form tag carry an "autocomplete" attribute with the value "off".

Note that current mainstream browsers deliberately ignore autocomplete="off" on password fields and still offer to save the credential, so this change reduces exposure only for older browsers and does not replace hardening of the user's workstation.

If this is a vendor application, contact the vendor for an updated version of the application or guidance on addressing this issue.

5 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow auto-completion by users' browsers. This could allow a user's credentials to be stored by the browser and subsequently exposed if the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.learningstrategies.com/Login.aspx
Form Name: (no name)
Action: https://www.learningstrategies.com:443/Login.aspx
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing form tag carry an "autocomplete" attribute with the value "off".

If this is a vendor application, contact the vendor for an updated version of the application or guidance on addressing this issue.

6 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow auto-completion by users' browsers. This could allow a user's credentials to be stored by the browser and subsequently exposed if the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.learningstrategies.com/index.php/admin
Form Name: (no name)
Action: https://www.learningstrategies.com:443/index.php/admin
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing form tag carry an "autocomplete" attribute with the value "off".

If this is a vendor application, contact the vendor for an updated version of the application or guidance on addressing this issue.

7 URLScan Detected 0.00 Info Pass Port: tcp/80

The web server appears to be using Microsoft's URLScan tool, an ISAPI filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

8 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

9 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

10 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: 4.0.30319

Remediation:

No remediation is required.

11 Discovered HTTP Methods 0.00 Info Pass Port: tcp/80

Sending an HTTP OPTIONS request to this host shows which HTTP
protocol methods its web server reports as supported. Note that, in
some cases, the web server does not report this information
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://137.66.32.45/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

12 Discovered Web Applications 0.00 Info Pass Port: tcp/80

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Remediation:
No remediation is required.

13 Discovered Web Directories 0.00 Info Pass Port: tcp/80

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://137.66.32.45:80/svn/
HTTP Response Code: 301
URL: http://137.66.32.45:80/.svn/
URL: http://137.66.32.45:80/admin/
HTTP Response Code: 302
URL: http://137.66.32.45:80/login/
URL: http://137.66.32.45:80/_utils/
URL: http://137.66.32.45:80/dnn/
URL: http://137.66.32.45:80/wp/
URL: http://137.66.32.45:80/api/soap/?wsdl
URL: http://137.66.32.45:80/ts/
URL: http://137.66.32.45:80/TFS/
URL: http://137.66.32.45:80/mt/
URL: http://137.66.32.45:80/phpBB/
URL: http://137.66.32.45:80/lists/

URL: http://137.66.32.45:80/phplist/
URL: http://137.66.32.45:80/phpMyAdmin/
URL: http://137.66.32.45:80/phproxy/
URL: http://137.66.32.45:80/sit/
URL: http://137.66.32.45:80/sm/
URL: http://137.66.32.45:80/shop/
URL: http://137.66.32.45:80/_old/
URL: http://137.66.32.45:80/_vti_log/
URL: http://137.66.32.45:80/_vti_pvt/
URL: http://137.66.32.45:80/_vti_shm/
URL: http://137.66.32.45:80/_vti_txt/
URL: http://137.66.32.45:80/~log/
URL: http://137.66.32.45:80/~root/
URL: http://137.66.32.45:80/Admin/
URL: http://137.66.32.45:80/bin/
URL: http://137.66.32.45:80/CFIDE/
URL: http://137.66.32.45:80/CVS/
URL: http://137.66.32.45:80/ddrint/
URL: http://137.66.32.45:80/dir/
URL: http://137.66.32.45:80/dl/
URL: http://137.66.32.45:80/dll/
URL: http://137.66.32.45:80/dm/
URL: http://137.66.32.45:80/DMR/
URL: http://137.66.32.45:80/dms/
URL: http://137.66.32.45:80/dms0/
URL: http://137.66.32.45:80/dmsdump/
URL: http://137.66.32.45:80/down/
URL: http://137.66.32.45:80/downloads/
HTTP Response Code: 403

URL: http://137.66.32.45:80/dump/
URL: http://137.66.32.45:80/EXE/
URL: http://137.66.32.45:80/howto/
URL: http://137.66.32.45:80/hp-ux/
URL: http://137.66.32.45:80/images/
URL: http://137.66.32.45:80/img/
URL: http://137.66.32.45:80/imgs/
URL: http://137.66.32.45:80/img-sys/
URL: http://137.66.32.45:80/imp/
URL: http://137.66.32.45:80/import/
URL: http://137.66.32.45:80/intl/
URL: http://137.66.32.45:80/jrun/
URL: http://137.66.32.45:80/js/
URL: http://137.66.32.45:80/jsp/
URL: http://137.66.32.45:80/junk/
URL: http://137.66.32.45:80/links/
URL: http://137.66.32.45:80/linux/
URL: http://137.66.32.45:80/log/
URL: http://137.66.32.45:80/logging/
URL: http://137.66.32.45:80/logon/
URL: http://137.66.32.45:80/logs/
URL: http://137.66.32.45:80/lost+found/
URL: http://137.66.32.45:80/msql/
URL: http://137.66.32.45:80/msword/
URL: http://137.66.32.45:80/myaccount/
URL: http://137.66.32.45:80/mysql/
URL: http://137.66.32.45:80/OA_HTML/
URL: http://137.66.32.45:80/OA_JAVA/
URL: http://137.66.32.45:80/OA_MEDIA/

URL: http://137.66.32.45:80/old/
URL: http://137.66.32.45:80/outgoing/
URL: http://137.66.32.45:80/ows/
URL: http://137.66.32.45:80/pdf/
HTTP Response Code: 200
URL: http://137.66.32.45:80/phorum/
URL: http://137.66.32.45:80/photo/
URL: http://137.66.32.45:80/php/
URL: http://137.66.32.45:80/pix/
URL: http://137.66.32.45:80/pls/
URL: http://137.66.32.45:80/po/
URL: http://137.66.32.45:80/priv/
URL: http://137.66.32.45:80/prv/
URL: http://137.66.32.45:80/pw/
URL: http://137.66.32.45:80/python/
URL: http://137.66.32.45:80/README/
URL: http://137.66.32.45:80/root/
URL: http://137.66.32.45:80/scripts/
URL: http://137.66.32.45:80/shipping/
URL: http://137.66.32.45:80/shopping/
URL: http://137.66.32.45:80/solutions/
URL: http://137.66.32.45:80/sql/
URL: http://137.66.32.45:80/squid/
URL: http://137.66.32.45:80/ssi/
URL: http://137.66.32.45:80/ssl/
URL: http://137.66.32.45:80/static/
URL: http://137.66.32.45:80/sun/
URL: http://137.66.32.45:80/support/
URL: http://137.66.32.45:80/sys/

URL: http://137.66.32.45:80/temp/
URL: http://137.66.32.45:80/tiki/
URL: http://137.66.32.45:80/tmp/
URL: http://137.66.32.45:80/tools/
URL: http://137.66.32.45:80/uploads/
URL: http://137.66.32.45:80/us/
URL: http://137.66.32.45:80/usr/
URL: http://137.66.32.45:80/util/
URL: http://137.66.32.45:80/utils/
URL: http://137.66.32.45:80/windows/
URL: http://137.66.32.45:80/www/
URL: http://137.66.32.45:80/www-sql/
URL: http://137.66.32.45:80/xml/
URL: http://137.66.32.45:80/XSL/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

14 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
this is indicated in the "Content-type" HTTP header, a 'meta'
http-equiv HTML tag, or an XML document encoding declaration. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's available. The danger is that
when a browser guesses the wrong encoding, the document is
misinterpreted. Where a web page reflects user-supplied input, an
attacker could provide a specially crafted string that tricks the web
browser into decoding the document as a specific character set. If that
specially crafted string were HTML code encoded in that character set,
the attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://137.66.32.45:80/pdf/

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

15 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Service: http
Application: microsoft:iis

Evidence:
CPE: jquery:jquery
URI: /
Version: 3.2.1

Remediation:
No remediation is required.

16 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: wordpress:wordpress
URI: /blog/
Version: 4.8

Remediation:
No remediation is required.

17 Information Disclosure via robots.txt 0.00 Info Pass Port: tcp/80

Some web servers use a file called /robots.txt (or /robot.txt) to make
search engines and other indexing tools visit their web pages more
frequently and more efficiently. By connecting to the server and
requesting this file, an attacker may gain additional information about
the system they are attacking, such as restricted directories, hidden
directories and CGI script directories.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.learningstrategies.com:80/robots.txt
Rule found: Disallow: /affiliateadd/
Rule found: Disallow: /CuteSoft_Client/
Rule found: Disallow: /dev/
Rule found: Disallow: /csedev/
Rule found: Disallow: /ftproot/

Remediation:
Take special care not to tell the robots not to index sensitive
directories, since this tells attackers exactly which of your directories
are sensitive.

18 Discovered HTTP Methods 0.00 Info Pass Port: tcp/80

Sending an HTTP OPTIONS request to this host shows which HTTP
protocol methods its web server reports as supported. Note that, in
some cases, the web server does not report this information
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.learningstrategies.com/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

19 Discovered Web Applications 0.00 Info Pass Port: tcp/80

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Name: wordpress:wordpress
Version: 4.8
URL: http://www.learningstrategies.com:80/blog/
Name: jquery:jquery
Version: 3.2.1
URL: http://www.learningstrategies.com:80/

Remediation:
No remediation is required.

20 Discovered Web Directories 0.00 Info Pass Port: tcp/80

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.learningstrategies.com:80/blog/
HTTP Response Code: 200
URL: http://www.learningstrategies.com:80/admin/
HTTP Response Code: 302
URL: http://www.learningstrategies.com:80/api/soap/?wsdl
HTTP Response Code: 301
URL: http://www.learningstrategies.com:80/Admin/
URL: http://www.learningstrategies.com:80/downloads/
HTTP Response Code: 403
URL: http://www.learningstrategies.com:80/images/
URL: http://www.learningstrategies.com:80/myaccount/
URL: http://www.learningstrategies.com:80/pdf/
URL: http://www.learningstrategies.com:80/scripts/
URL: http://www.learningstrategies.com:80/static/
URL: http://www.learningstrategies.com:80/temp/

URL: http://www.learningstrategies.com:80/uploads/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

21 Web Application Potentially Sensitive CGI Parameter Detection 0.00 Info Pass Port: tcp/80

According to their names, some CGI parameters may control sensitive
data (e.g., ID, privileges, commands, prices, credit card data, etc.). In
the course of using an application, these variables may disclose
sensitive data or be prone to tampering that could result in privilege
escalation.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Location: http://www.learningstrategies.com/FlyoutMenu.aspx?ID=1
Parameter: ID (Possible unique ID; manipulation could allow
unauthorized access or user impersonation)

Remediation:
The parameters for this server should be examined to determine what
type of data is controlled and if it poses a security risk.

22 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
this is indicated in the "Content-type" HTTP header, a 'meta'
http-equiv HTML tag, or an XML document encoding declaration. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's available. The danger is that
when a browser guesses the wrong encoding, the document is
misinterpreted. Where a web page reflects user-supplied input, an
attacker could provide a specially crafted string that tricks the web
browser into decoding the document as a specific character set. If that
specially crafted string were HTML code encoded in that character set,
the attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://www.learningstrategies.com:80/pdf/

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The links provided above give
information on the proper ways of indicating the character set
encoding.

23 Non-HttpOnly Session Cookies Identified 0.00 Info Pass Port: tcp/80

The website software running on this server appears to be setting
session cookies without the HttpOnly flag set. This means the session
identifier information in these cookies is susceptible to attacks such as
Cross-site Scripting which may allow attackers to read this cookie's
data.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
https://www.owasp.org/index.php/HttpOnly

Evidence:
URL: http://www.learningstrategies.com/4Elements?aff=LSC17
Cookie Name: LS_PartnerCode
Cookie Value: partnerCode=LSC17&lastVisit=7/28/2017 11:36:43 AM
Cookie HttpOnly Flag: false

Remediation:
Contact the vendor of this web application and request the HttpOnly
flag be set on session cookies.

24 Wildcard SSL Certificate Detected 0.00 Info Pass Port: tcp/443

An SSL certificate with a wildcarded common name (CN) record (e.g.,
*.mydomain.com) was detected on this service.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Subject: /C=US/ST=Minnesota/L=Minnetonka/O=Learning Strategies
Corporation/OU=IT/CN=*.learningstrategies.com
Issuer: /C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
Certificate Chain Depth: 0
Wildcard Subject Name: *.learningstrategies.com

Remediation:
Review your certificate configurations to assure that wildcard
certificates are suitable for your application.

25 Enumerated SSL/TLS Cipher Suites 0.00 Info Pass Port: tcp/443

This finding reports the cipher suites offered for each SSL/TLS protocol
version provided by the remote service. It does not represent a
vulnerability, but is only meant to provide visibility into the behavior
and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL/TLS
version (e.g. TLSv1) as well as the name of the cipher suite (e.g.
RC4-SHA).

A cipher suite is a set of cryptographic algorithms that provide
authentication, encryption, and message authentication code (MAC) as
part of an SSL/TLS negotiation and through the lifetime of the SSL
session. It is typical for an SSL service to support multiple cipher
suites. A cipher suite can be supported across multiple SSL/TLS
versions, so it should be of no concern to see the same cipher name
reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA

Remediation:
No remediation is necessary.

26 URLScan Detected 0.00 Info Pass Port: tcp/443

The web server appears to be using Microsoft's URLScan tool, an ISAPI
filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

27 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

28 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

29 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: 4.0.30319

Remediation:
No remediation is required.

30 Discovered HTTP Methods 0.00 Info Pass Port: tcp/443

Sending an HTTP OPTIONS request to this host shows which HTTP
protocol methods its web server reports as supported. Note that, in
some cases, the web server does not report this information
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://137.66.32.45/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

31 Discovered Web Applications 0.00 Info Pass Port: tcp/443

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Remediation:
No remediation is required.

32 Discovered Web Directories 0.00 Info Pass Port: tcp/443

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://137.66.32.45:443/admin/
HTTP Response Code: 302
URL: https://137.66.32.45:443/api/soap/?wsdl
HTTP Response Code: 301
URL: https://137.66.32.45:443/Admin/
URL: https://137.66.32.45:443/bin/

URL: https://137.66.32.45:443/downloads/
HTTP Response Code: 403
URL: https://137.66.32.45:443/images/
URL: https://137.66.32.45:443/lost+found/
URL: https://137.66.32.45:443/myaccount/
URL: https://137.66.32.45:443/pdf/
HTTP Response Code: 200
URL: https://137.66.32.45:443/scripts/
URL: https://137.66.32.45:443/static/
URL: https://137.66.32.45:443/temp/
URL: https://137.66.32.45:443/uploads/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

33 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
this is indicated within the "Content-Type" HTTP header, a 'meta'
http-equiv HTML tag, or an XML document encoding declaration. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what is available. The danger is
that a browser may guess the wrong encoding and misinterpret the
document. Where a web page reflects user-supplied information, an
attacker could provide a specially crafted string that tricks the
browser into decoding the document as a specific character set. If
this string were HTML code encoded in that character set, the attacker
could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://137.66.32.45:443/pdf/

Remediation:
It is important that all documents served by the HTTP server declare the
correct character set for their encoding. The references above describe
the proper ways to indicate the character set encoding.

34 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:

CPE: jquery:jquery
URI: /
Version: 3.2.1

Remediation:
No remediation is required.

35 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: wordpress:wordpress
URI: /blog/
Version: 4.8

Remediation:
No remediation is required.

36 Discovered HTTP Methods 0.00 Info Pass Port: tcp/443

Sending an HTTP OPTIONS request to this host shows which HTTP
protocol methods its web server reports as supported. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://www.learningstrategies.com/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

37 Discovered Web Applications 0.00 Info Pass Port: tcp/443

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Name: jquery:jquery
Version: 3.2.1
URL: https://www.learningstrategies.com:443/
Name: wordpress:wordpress
Version: 4.8
URL: https://www.learningstrategies.com:443/blog/

Remediation:
No remediation is required.

38 Discovered Web Directories 0.00 Info Pass Port: tcp/443

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://www.learningstrategies.com:443/blog/
HTTP Response Code: 200
URL: https://www.learningstrategies.com:443/admin/
HTTP Response Code: 302
URL: https://www.learningstrategies.com:443/api/soap/?wsdl
HTTP Response Code: 301
URL: https://www.learningstrategies.com:443/Admin/
URL: https://www.learningstrategies.com:443/downloads/
HTTP Response Code: 403
URL: https://www.learningstrategies.com:443/images/
URL: https://www.learningstrategies.com:443/myaccount/
URL: https://www.learningstrategies.com:443/pdf/
URL: https://www.learningstrategies.com:443/scripts/
URL: https://www.learningstrategies.com:443/static/

URL: https://www.learningstrategies.com:443/temp/
URL: https://www.learningstrategies.com:443/uploads/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

39 Web Application Potentially Sensitive CGI Parameter Detection 0.00 Info Pass Port: tcp/443

According to their names, some CGI parameters may control sensitive
data (e.g., ID, privileges, commands, prices, credit card data, etc.). In
the course of using an application, these variables may disclose
sensitive data or be prone to tampering that could result in privilege
escalation.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Location: https://www.learningstrategies.com/FlyoutMenu.aspx?ID=1
Parameter: ID (Possible unique ID; manipulation could allow
unauthorized access or user impersonation)

Remediation:
The parameters for this server should be examined to determine what
type of data is controlled and if it poses a security risk.

40 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
this is indicated within the "Content-Type" HTTP header, a 'meta'
http-equiv HTML tag, or an XML document encoding declaration. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what is available. The danger is
that a browser may guess the wrong encoding and misinterpret the
document. Where a web page reflects user-supplied information, an
attacker could provide a specially crafted string that tricks the
browser into decoding the document as a specific character set. If
this string were HTML code encoded in that character set, the attacker
could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://www.learningstrategies.com:443/pdf/

Remediation:
It is important that all documents served by the HTTP server declare the
correct character set for their encoding. The references above describe
the proper ways to indicate the character set encoding.

41 Non-Secure Session Cookies Identified 0.00 Info Pass Port: tcp/443

The website software running on this server appears to be setting
session cookies without the Secure flag set over HTTPS connections.
This means the session identifier information in these cookies would be
transmitted even over unencrypted HTTP connections, which might
make them susceptible to interception and tampering.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/SecureFlag

Evidence:
URL: https://www.learningstrategies.com/
Cookie Name: ASP.NET_SessionId
Cookie Value: qzs51jjlnpzeeem2mp3wmmsf
Cookie Secure Flag: false

Remediation:
Contact the vendor of this web application and request the Secure flag
be set on session cookies transmitted over HTTPS.

42 Enumerated Hostnames 0.00 Info Pass

This list contains all hostnames discovered during the scan that are
believed to belong to this host.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Hostname: learningstrategies.com, Source: SSL Certificate Subject subjectAltName DNS

Remediation:
No action is required.

137.66.32.46 (www.jeddahmali.com)
# CVE Number Vulnerability CVSS Score Severity Compliance Status Details

1 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/80

This host does not appear to set the X-FRAME-OPTIONS HTTP header.
This header can be used to prevent pages on this system from being
embedded as part of a click-jacking scenario: it specifies which
systems (if any) are allowed to display pages from this system inside
an HTML frame-type element.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Consider setting the X-FRAME-OPTIONS header to prevent click-jacking
attacks.

2 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/443

This host does not appear to set the X-FRAME-OPTIONS HTTP header.
This header can be used to prevent pages on this system from being
embedded as part of a click-jacking scenario: it specifies which
systems (if any) are allowed to display pages from this system inside
an HTML frame-type element.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Consider setting the X-FRAME-OPTIONS header to prevent click-jacking
attacks.

3 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

4 URLScan Detected 0.00 Info Pass Port: tcp/80

The web server appears to be using Microsoft's URLScan tool, an ISAPI
filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

5 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

6 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: unknown

Remediation:
No remediation is required.

7 Discovered Web Applications 0.00 Info Pass Port: tcp/80

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Remediation:
No remediation is required.

8 SSL Certificate is Not Trusted 0.00 Info Pass Port: tcp/443

It was not possible to validate the SSL certificate, and thus it could not
be trusted. Users may receive a security warning when using this
service. This occurs because either the certificate or a certificate in its
chain has issues that prevent validation. Examples of such issues
include, but are not limited to, an expired certificate, a hostname that
does not match the name on the certificate, or a certificate that is not
signed by a well-known Certificate Authority (CA).

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
Subject: /CN=www.paraliminal.com
Issuer: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3
Certificate Chain Depth: 0
Reason: The hostname on the certificate does not match any of the
hostnames provided to the scanner.

Remediation:
If this certificate is associated with a service accessible to the general
public, you may want to consider acquiring a certificate from a
well-known CA and ensuring that it has not expired. Please note the port
associated with this finding. This finding may NOT be originating from
port 443, which is what most online testing tools check by default.

9 SSL Certificate Common Name Does Not Validate 0.00 Info Pass Port: tcp/443

This SSL certificate has a common name (CN) that does not appear to
match the identity of the server. Modern browsers may present a
warning to users who attempt to browse this service as it is currently
configured. Note that in some networks in which load balancers are
used, it may not be possible for the scanner to perform this test
correctly.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Evidence:
Subject: /CN=www.paraliminal.com
Issuer: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3
Certificate Chain Depth: 0
Hostnames provided to scanner: www.jeddahmali.com, 137.66.32.46
Subject Name: www.paraliminal.com
Subject Alternative Name: www.paraliminal.com
Subject Alternative Name: paraliminal.com

Remediation:
Check your certificate to ensure it is installed on the correct service.
Verify that you have added the domain name or fully qualified virtual
host name of the system to your Network Questionnaire. Additionally,
check your DNS servers to ensure that the domain name is properly
mapped to the correct IP address. Please note the port associated with
this finding. This finding may NOT be originating from port 443, which
is what most online testing tools check by default.

10 Enumerated SSL/TLS Cipher Suites 0.00 Info Pass Port: tcp/443

This finding reports the SSL cipher suites for each SSL/TLS protocol
version provided by the remote service. This finding does not represent
a vulnerability, but is only meant to provide visibility into the behavior
and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL
version (ex: TLSv1) as well as the name of the cipher suite
(ex: RC4-SHA).

A cipher suite is a set of cryptographic algorithms that provide
authentication, encryption, and message authentication code (MAC) as
part of an SSL/TLS negotiation and through the lifetime of the SSL
session. It is typical for an SSL service to support multiple cipher
suites. A cipher suite can be supported across multiple SSL/TLS
versions, so it should be of no concern to see the same cipher name
reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA

Remediation:
No remediation is necessary.

11 Enumerated Hostnames 0.00 Info Pass

This list contains all hostnames discovered during the scan that are
believed to belong to this host.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Hostname: www.paraliminal.com, Source: SSL Certificate Subject Common Name
Hostname: www.paraliminal.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: paraliminal.com, Source: SSL Certificate Subject subjectAltName DNS

Remediation:
No action is required.

137.66.32.48 (www.sedona.com)
# CVE Number Vulnerability CVSS Score Severity Compliance Status Details

1 Reflected Cross-Site Scripting Vulnerability 4.30 Medium Fail Port: tcp/443

A reflected cross-site scripting vulnerability was identified in this web
application. Reflected cross-site scripting occurs when HTML or
JavaScript content supplied in a user-controlled parameter is displayed
(i.e. reflected) back to the user and rendered or interpreted by their
browser.

This web site responded to a harmless web request that included
JavaScript/HTML which was reflected back, indicating that the
underlying web application may be vulnerable to being used in a
cross-site scripting (XSS) attack. While this vulnerability does not
exploit the web server itself, it can be utilized by an attacker to target
end-users and potentially take over their sessions or obtain other
sensitive information.

A simple proof-of-concept example of this would be for a user to supply
"<script>alert('123')</script>" to a user-defined parameter; upon
submission, a message box would pop up for the user because the
user-supplied content was used to modify the content of the
responding page.

Cross-site scripting can be found in many different forms and
combinations, so the full request and response that were used to
demonstrate this vulnerability have been provided below as evidence.

All cross-site scripting vulnerabilities are considered non-compliant by
PCI.

CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.cert.org/advisories/CA-2000-02.html
http://www.owasp.org/index.php/Cross-site_scripting
http://www.owasp.org/index.php/Data_Validation
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

Evidence:
URL: https://www.sedona.com/Register.aspx
Parameter: r
Request: GET /Register.aspx?r=<script>alert('TK0000009D')</script> HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: www.sedona.com
Content-Type: text/html
Content-Length: 0

Response: HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
Set-Cookie: ASP.NET_SessionId=aq2mqkjjrce5v3wz1whcelnj; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 28 Jul 2017 16:57:54 GMT
Content-Length: 31757
Evidence: <script>alert('TK0000009D')</script>

Remediation:
Before accepting any user-supplied data, the application should
validate the data's format and reject any characters that are not
explicitly allowed (i.e. a white-list). This list should be as restrictive as
possible. Before using any data (stored or user-supplied) to generate
web page content, the application should escape all non-alphanumeric
characters (i.e. output validation). This is particularly important when
the original source of the data is beyond the control of the application.
Even if the source of the data isn't performing input validation, output
validation will still prevent XSS.

Please note that the listing of XSS vulnerabilities is not an exhaustive
list, and other XSS vulnerabilities may exist in the application.

2 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/80

This host does not appear to set the X-FRAME-OPTIONS HTTP header.
This header can be used to prevent pages on this system from being
embedded as part of a click-jacking scenario: it specifies which
systems (if any) are allowed to display pages from this system inside
an HTML frame-type element.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Consider setting the X-FRAME-OPTIONS header to prevent click-jacking
attacks.

3 No X-FRAME-OPTIONS Header 2.60 Low Pass Port: tcp/443

This host does not appear to set the X-FRAME-OPTIONS HTTP header.
This header can be used to prevent pages on this system from being
embedded as part of a click-jacking scenario: it specifies which
systems (if any) are allowed to display pages from this system inside
an HTML frame-type element.

CVSSv2: AV:N/AC:H/Au:N/C:N/I:P/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/Clickjacking#X-FRAME-OPTIONS

Remediation:
Consider utilizing the X-FRAME-OPTIONS header option to prevent click-jacking type of attacks.

4 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.sedona.com/iFrames/Register.aspx?Return=account&T=636368386166540610&r=l
Form Name: (no name)
Action: https://www.sedona.com/iFrames/Register.aspx?Return=account&T=636368386166540610&r=l
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated
version of the application or guidance on addressing this issue.

5 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.sedona.com/iFrames/Register.aspx?Return=account&T=636368386188692761&r=
Form Name: (no name)
Action: https://www.sedona.com/iFrames/Register.aspx?Return=account&T=636368386188692761&r=
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated
version of the application or guidance on addressing this issue.

6 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.sedona.com/Login.aspx
Form Name: (no name)
Action: https://www.sedona.com:443/Login.aspx
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated
version of the application or guidance on addressing this issue.

7 Auto-Completion Enabled for Password Fields 1.20 Low Pass Port: tcp/443

The web server running on this host uses password fields that allow
auto-completion by users' browsers. This could allow a user's
credentials to be stored by the browser and subsequently exposed if
the user's computer becomes compromised.

CVSSv2: AV:L/AC:H/Au:N/C:P/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://msdn.microsoft.com/en-us/library/ms533032.aspx
https://developer.mozilla.org/En/How_to_Turn_Off_Form_Autocompletion

Evidence:
Location: https://www.sedona.com/index.php/admin
Form Name: (no name)
Action: https://www.sedona.com:443/index.php/admin
Fields: ctl00$Content$Password (password)

Remediation:
Modify the identified page so that the password field and the enclosing
form tags have an attribute named "autocomplete" with a value of
"off".

If this is a vendor application, contact the vendor for an updated
version of the application or guidance on addressing this issue.

8 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

9 URLScan Detected 0.00 Info Pass Port: tcp/80

The web server appears to be using Microsoft's URLScan tool, an ISAPI
filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

10 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: jquery:jquery
URI: /
Version: 3.2.1

Remediation:
No remediation is required.

11 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

12 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: 4.0.30319

Remediation:
No remediation is required.

13 Enumerated Applications 0.00 Info Pass Port: tcp/80

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: wordpress:wordpress
URI: /sedonamethodblog/
Version: 4.8

Remediation:
No remediation is required.

14 Information Disclosure via robots.txt 0.00 Info Pass Port: tcp/80

Some web servers use a file called /robot(s).txt to make search
engines and any other indexing tools visit their web pages more
frequently and more efficiently. By connecting to the server and
requesting the /robot(s).txt file, an attacker may gain additional
information about the system they are attacking, such as restricted
directories, hidden directories, CGI script directories, etc.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.sedona.com:80/robots.txt
Rule found: Disallow: /affiliateadd/
Rule found: Disallow: /CuteSoft_Client/
Rule found: Disallow: /dev/
Rule found: Disallow: /csedev/
Rule found: Disallow: /ftproot/

Remediation:
Take special care not to tell the robots not to index sensitive
directories, since this tells attackers exactly which of your directories
are sensitive.

15 Discovered HTTP Methods 0.00 Info Pass Port: tcp/80

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.sedona.com/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

16 Discovered Web Applications 0.00 Info Pass Port: tcp/80

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Name: jquery:jquery
Version: 3.2.1
URL: http://www.sedona.com:80/
Name: wordpress:wordpress
Version: 4.8
URL: http://www.sedona.com:80/sedonamethodblog/

Remediation:
No remediation is required.

17 Discovered Web Directories 0.00 Info Pass Port: tcp/80

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: http://www.sedona.com:80/admin/
HTTP Response Code: 302
URL: http://www.sedona.com:80/api/soap/?wsdl
HTTP Response Code: 301
URL: http://www.sedona.com:80/Admin/
URL: http://www.sedona.com:80/downloads/
HTTP Response Code: 403
URL: http://www.sedona.com:80/images/
URL: http://www.sedona.com:80/myaccount/
URL: http://www.sedona.com:80/pdf/
HTTP Response Code: 200
URL: http://www.sedona.com:80/scripts/
URL: http://www.sedona.com:80/sitebuilderpictures/
URL: http://www.sedona.com:80/static/
URL: http://www.sedona.com:80/temp/
URL: http://www.sedona.com:80/uploads/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

18 Web Application Potentially Sensitive CGI Parameter Detection 0.00 Info Pass Port: tcp/80

According to their names, some CGI parameters may control sensitive
data (e.g., ID, privileges, commands, prices, credit card data, etc.). In
the course of using an application, these variables may disclose
sensitive data or be prone to tampering that could result in privilege
escalation.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Location: http://www.sedona.com/FlyoutMenu.aspx?ID=1
Parameter: ID (Possible unique ID; manipulation could allow
unauthorized access or user impersonation)

Remediation:
The parameters for this server should be examined to determine what
type of data is controlled and if it poses a security risk.

19 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/80

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's available. The danger is that
a browser may guess the wrong encoding, resulting in a misinterpretation
of the document. In cases where a web page reflects user-supplied
information, an attacker could provide a specially crafted string that
tricks a web browser into decoding the document as a specific character
set. If this specially crafted string were HTML code encoded in that
character set, the attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: http://www.sedona.com:80/pdf/

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

20 Enumerated SSL/TLS Cipher Suites 0.00 Info Pass Port: tcp/443

This finding reports the SSL/TLS cipher suites for each SSL/TLS protocol
version provided by the remote service. This finding does not represent
a vulnerability, but is only meant to provide visibility into the behavior
and configuration of the remote SSL/TLS service.
The information provided as part of this finding includes the SSL/TLS
version (ex: TLSv1) as well as the name of the cipher suite (ex: RC4-
SHA).

A cipher suite is a set of cryptographic algorithms that provide
authentication, encryption, and message authentication code (MAC) as
part of an SSL/TLS negotiation and through the lifetime of the SSL
session. It is typical for an SSL service to support multiple cipher
suites. A cipher suite can be supported across multiple SSL/TLS
versions, so it should be of no concern to see the same cipher name
reported for multiple

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://www.openssl.org/docs/apps/ciphers.html

Evidence:
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_1 : AES256-SHA
Cipher Suite: TLSv1_1 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_1 : AES128-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA384
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES256-SHA
Cipher Suite: TLSv1_2 : AES256-GCM-SHA384
Cipher Suite: TLSv1_2 : AES256-SHA256
Cipher Suite: TLSv1_2 : AES256-SHA
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA256
Cipher Suite: TLSv1_2 : ECDHE-RSA-AES128-SHA
Cipher Suite: TLSv1_2 : AES128-GCM-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA256
Cipher Suite: TLSv1_2 : AES128-SHA

Remediation:
No remediation is necessary.

21 URLScan Detected 0.00 Info Pass Port: tcp/443

The web server appears to be using Microsoft's URLScan tool, an ISAPI
filter that can be configured to block specified web requests.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://technet.microsoft.com/en-us/security/cc242650.aspx

Evidence:
Method: urlscan.ini 'MaxQueryString' is set to the default of 2048.
Query strings longer than 2048 characters are rejected.

Remediation:
No remediation necessary. This is identified for informational purposes.

22 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:iis
URI: /
Version: 8.0

Remediation:
No remediation is required.

23 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:.net_framework
URI: /
Version: unknown

Remediation:
No remediation is required.

24 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: microsoft:asp.net
URI: /
Version: 4.0.30319

Remediation:
No remediation is required.

25 Discovered HTTP Methods 0.00 Info Pass Port: tcp/443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://137.66.32.48/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

26 Discovered Web Applications 0.00 Info Pass Port: tcp/443

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Remediation:
No remediation is required.

27 Discovered Web Directories 0.00 Info Pass Port: tcp/443

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://137.66.32.48:443/admin/
HTTP Response Code: 302
URL: https://137.66.32.48:443/api/soap/?wsdl
HTTP Response Code: 301
URL: https://137.66.32.48:443/Admin/
URL: https://137.66.32.48:443/bin/
URL: https://137.66.32.48:443/downloads/
HTTP Response Code: 403
URL: https://137.66.32.48:443/images/
URL: https://137.66.32.48:443/lost+found/
URL: https://137.66.32.48:443/myaccount/
URL: https://137.66.32.48:443/pdf/
HTTP Response Code: 200
URL: https://137.66.32.48:443/scripts/
URL: https://137.66.32.48:443/static/
URL: https://137.66.32.48:443/temp/
URL: https://137.66.32.48:443/uploads/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

28 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what's available. The danger is that
a browser may guess the wrong encoding, resulting in a misinterpretation
of the document. In cases where a web page reflects user-supplied
information, an attacker could provide a specially crafted string that
tricks a web browser into decoding the document as a specific character
set. If this specially crafted string were HTML code encoded in that
character set, the attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://137.66.32.48:443/pdf/

Remediation:
It's important that all documents served by the HTTP server provide the
correct character set for their encoding. The provided links will provide
information on the proper ways for indicating the character set
encoding.

29 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: jquery:jquery
URI: /
Version: 3.2.1

Remediation:
No remediation is required.

30 Enumerated Applications 0.00 Info Pass Port: tcp/443

The following applications have been enumerated on this device.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
CPE: wordpress:wordpress
URI: /sedonamethodblog/
Version: 4.8

Remediation:
No remediation is required.

31 Discovered HTTP Methods 0.00 Info Pass Port: tcp/443

Requesting the allowed HTTP OPTIONS from this host shows which
HTTP protocol methods are supported by its web server. Note that, in
some cases, this information is not reported by the web server
accurately.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://www.sedona.com/
Methods: OPTIONS, TRACE, GET, HEAD, POST

Remediation:
Review your web server configuration and ensure that only those HTTP
methods required for your business operations are enabled.

32 Discovered Web Applications 0.00 Info Pass Port: tcp/443

The following web applications were discovered on the remote HTTP
server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Name: jquery:jquery
Version: 3.2.1
URL: https://www.sedona.com:443/
Name: wordpress:wordpress
Version: 4.8
URL: https://www.sedona.com:443/sedonamethodblog/

Remediation:
No remediation is required.

33 Discovered Web Directories 0.00 Info Pass Port: tcp/443

It was possible to guess one or more directories contained in the
publicly accessible path of this web server.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
URL: https://www.sedona.com:443/admin/
HTTP Response Code: 302
URL: https://www.sedona.com:443/api/soap/?wsdl
HTTP Response Code: 301
URL: https://www.sedona.com:443/Admin/
URL: https://www.sedona.com:443/downloads/
HTTP Response Code: 403
URL: https://www.sedona.com:443/images/
URL: https://www.sedona.com:443/myaccount/
URL: https://www.sedona.com:443/pdf/
HTTP Response Code: 200
URL: https://www.sedona.com:443/scripts/
URL: https://www.sedona.com:443/securecontrolpanel/
URL: https://www.sedona.com:443/sitebuildercontent/
URL: https://www.sedona.com:443/sitebuilderpictures/
URL: https://www.sedona.com:443/static/
URL: https://www.sedona.com:443/temp/
URL: https://www.sedona.com:443/uploads/

Remediation:
Review these directories and verify that there is no unintentional
content made available to remote users.

34 Web Application Potentially Sensitive CGI Parameter Detection 0.00 Info Pass Port: tcp/443

According to their names, some CGI parameters may control sensitive
data (e.g., ID, privileges, commands, prices, credit card data, etc.). In
the course of using an application, these variables may disclose
sensitive data or be prone to tampering that could result in privilege
escalation.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Evidence:
Location: https://www.sedona.com/FlyoutMenu.aspx?ID=1
Parameter: ID (Possible unique ID; manipulation could allow unauthorized access or user impersonation)

Remediation:
The parameters for this server should be examined to determine what
type of data is controlled and if it poses a security risk.

35 HTTP Responses Missing Character Encoding 0.00 Info Pass Port: tcp/443

During the crawl of the HTTP service, we detected HTML and/or XML
documents that were missing any indication of their character set
encoding. The server and the pages it serves are responsible for
indicating the character set used to encode the documents. Typically,
these are indicated within the "Content-type" HTTP header, a 'meta'
HTTP-equiv HTML tag, or an XML document encoding header. Without
these, some web browsers may attempt to guess the character set
encoding of the document based on what is available. The danger is
that when a browser guesses the wrong encoding, it misinterprets the
document. In cases where a web page reflects user-supplied information,
an attacker could provide a specially crafted string that tricks a web
browser into decoding the document as a specific character set. If this
specially crafted string were HTML code encoded in that character set,
the attacker could perform a cross-site scripting attack.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
http://wiki.whatwg.org/wiki/Web_Encodings

Evidence:
URL: https://www.sedona.com:443/pdf/

Remediation:
All documents served by the HTTP server should declare the correct
character set for their encoding. The references above describe the
proper ways to indicate the character set encoding.

36 Non-Secure Session Cookies Identified 0.00 Info Pass Port: tcp/443

The website software running on this server appears to be setting
session cookies without the Secure flag set over HTTPS connections.
This means the session identifier information in these cookies would be
transmitted even over unencrypted HTTP connections, which might
make them susceptible to interception and tampering.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N
Service: http
Application: microsoft:iis

Reference:
https://www.owasp.org/index.php/SecureFlag

Evidence:
URL: https://www.sedona.com/
Cookie Name: ASP.NET_SessionId
Cookie Value: qfmywgjhqkufocijvjctc0qm
Cookie Secure Flag: false

Remediation:
Contact the vendor of this web application and request the Secure flag
be set on session cookies transmitted over HTTPS.

37 Enumerated Hostnames 0.00 Info Pass

This list contains all hostnames discovered during the scan that are
believed to belong to this host.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:N

Evidence:
Hostname: www.sedona.com, Source: SSL Certificate Subject Common Name
Hostname: www.sedona.com, Source: SSL Certificate Subject subjectAltName DNS
Hostname: sedona.com, Source: SSL Certificate Subject subjectAltName DNS

Remediation:
No action is required.

Part 5a. Web Servers

It is important to pay special attention to the security of your Web servers. This section provides a convenient list of all of the Web servers found in the course of the
network scan based on the locations you specified in your scan setup. Information profiled includes the server type (e.g., Microsoft IIS or Apache) and the title of the default
Web page. Some tips for using this information are below.

You should ensure that all Web servers listed in this section are authorized and intended to be running in your network since many systems will inadvertently be
configured with some type of Web server when they are installed.
In addition, many network devices (e.g., routers, switches and print servers) may have Web-based management interfaces of which you may not have been aware.
Whenever possible, unused Web interfaces should be disabled or, at a minimum, password protected.
Review the "Port" column and make sure that any sites that should be secure are using port 443 (HTTPS, or "Secure Web") to encrypt the web sessions.

Special Note: If you are using load balancers for your web sites to spread the web traffic across multiple servers, it is your responsibility to ensure that the configuration of
the environment behind your load balancers is synchronized, or to ensure that the environment is scanned as part of the internal vulnerability scans required by PCI DSS.

#  System IP Address  Domain Name  Port  Server Type  Default Status and Title/Redirect

1  137.66.32.44 (www.photoreading.com)  tcp / 80  microsoft:iis  301 Moved Permanently - Document Moved

2  137.66.32.44 (www.photoreading.com)  tcp / 443  microsoft:iis  301 Moved Permanently - Document Moved

3  137.66.32.45 (www.learningstrategies.com)  learningstrategies.com  tcp / 80  microsoft:iis  302 Found - Object moved

4  137.66.32.45 (www.learningstrategies.com)  learningstrategies.com  tcp / 443  microsoft:iis  302 Found - Object moved

5  137.66.32.46 (www.jeddahmali.com)  tcp / 80  microsoft:iis  404 Not Found - Not Found

6  137.66.32.46 (www.jeddahmali.com)  tcp / 443  404 Not Found - Not Found

7  137.66.32.48 (www.sedona.com)  tcp / 80  microsoft:iis  404 Not Found - Not Found

8  137.66.32.48 (www.sedona.com)  tcp / 443  microsoft:iis  302 Found - Object moved

Part 5b. SSL Certificate Information

Several network services, most notably HTTPS ("Secure Web"), employ certificates which contain information about the service which can be used by connecting clients to
authenticate the identity of the server. For Web servers, the certificate is intended to authenticate the domain name (e.g., www.yoursite.com) of a web site. For example, a
home banking application should be run on a web server which provides a certificate to its clients' Web browsers proving that the web server they are connected to is
actually the one they intended to use.

In order to provide users with confidence in the site they are visiting, the certificate should be issued by a well-known certificate authority instead of self-generated. In some
cases, such as in a private network, self-generated certificates may be used; however, those users should have confidence in the internal issuing authority.

This table provides a summary of the certificates found in your network, including expiration date and issuer of each certificate.

#  Service  Common Name  Expires  Details

1  137.66.32.46 : 443 (http) (www.jeddahmali.com)  www.paraliminal.com  2019-08-21 18:59
   Issued to: /CN=www.paraliminal.com
   Issued by: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3
   Fingerprint: FB:EB:86:F0:82:7D:A8:5B:BD:75:2E:8A:9E:4C:3A:85

2  137.66.32.44 : 443 (http) (www.photoreading.com)  www.photoreading.com  2018-02-28 00:42
   Issued to: /CN=www.photoreading.com
   Issued by: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G4
   Fingerprint: 75:FB:43:37:5C:9E:67:11:01:3C:7A:52:88:AE:DE:61

3  137.66.32.48 : 443 (http) (www.sedona.com)  www.sedona.com  2017-11-18 17:59
   Issued to: /CN=www.sedona.com
   Issued by: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA - G3
   Fingerprint: 3A:86:F3:9B:77:6D:3B:1F:E9:31:4D:75:66:50:6C:E6

4  137.66.32.45 : 443 (http) (www.learningstrategies.com)  *.learningstrategies.com  2018-06-12 18:59
   Issued to: /C=US/ST=Minnesota/L=Minnetonka/O=Learning Strategies Corporation/OU=IT/CN=*.learningstrategies.com
   Issued by: /C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
   Fingerprint: C2:9B:70:13:FF:D0:16:BC:83:36:BB:B9:90:9E:08:A7

Part 6. Disputed Vulnerability & Policy Violations

The following vulnerabilities and policy violations were successfully disputed by you and have been removed from the scoring of your report. These items no longer affect
any compliance assessment that this report may support. All disputes listed here were approved based on information which you have provided and represented and
warranted to be complete and accurate.

# Severity IP Address & Port Expires Detail

No disputes found that have been removed from the scoring of this report.

ASV Feedback Form
This form is used to review ASVs and their work product, and is intended to be completed
after a PCI Scanning Service by the ASV client. While the primary audience of this form is
ASV scanning clients (merchants or service providers), there are several questions at the end,
under "ASV Feedback Form for Payment Brands and Others," to be completed as needed by
Payment Brand participants, banks, and other relevant parties. This form can be obtained
directly from the ASV during the PCI Scanning Service, or can be found online in a usable
format at https://www.pcisecuritystandards.org. Please send this completed form to PCI SSC
at: asv@pcisecuritystandards.org.

ASV FEEDBACK FORM

Client Name (merchant or service provider):    Approved Scanning Vendor Company (ASV):

Name Name

Contact Contact

Telephone Telephone

E-Mail E-Mail

Business location where assessment took place:    ASV employee who performed assessment:

Street Name

City Telephone

State/Zip E-Mail

For each question, please indicate the response that best reflects your experience and
provide comments.

4 = Strongly Agree 3 = Agree 2 = Disagree 1 = Strongly Disagree

1) During the initial engagement, did the ASV explain the objectives, timing, and
review process, and address your questions and concerns?

Response:

Comments:

Page 1 of 5
2) Did the ASV employee(s) understand your business and technical environment, and
the payment card industry?

Response:

Comments:

3) Did the ASV employee(s) have sufficient security and technical skills to effectively
perform this PCI Scanning Service?

Response:

Comments:

4) Did the ASV sufficiently understand the PCI Data Security Standard and the PCI
Security Scanning Procedures?

Response:

Comments:

5) Did the ASV effectively minimize interruptions to operations and schedules?

Response:

Comments:

6) Did the ASV provide an accurate estimate for time and resources needed?

Response:

Comments:

7) Did the ASV provide an accurate estimate for scan report delivery?

Response:

Comments:

8) Did the ASV attempt to market products or services for your company to attain PCI
compliance?

Response:

Comments:

9) Did the ASV imply that use of a specific brand of commercial product or service was
necessary to achieve compliance?

Response:

Comments:

10) In situations where remediation was required, did the ASV present product and/or
solution options that were not exclusive to their own product set?

Response:

Comments:

11) Did the ASV use secure transmission to send any confidential reports or data?

Response:

Comments:

12) Did the ASV demonstrate courtesy, professionalism, and a constructive and
positive approach?

Response:

Comments:

13) Was there sufficient opportunity for you to provide explanations and responses
during the scans?

Response:

Comments:

14) During the review wrap-up, did the ASV clearly communicate findings and
expected next steps?

Response:

Comments:

15) Did the ASV provide sufficient follow-up to address false positives until eventual
scan compliance was achieved?

Response:

Comments:

Please provide any additional comments here about the ASV, your PCI Scanning Service,
or the PCI documents.

ASV FEEDBACK FORM FOR PAYMENT BRANDS AND OTHERS

Name of ASV Client (merchant or service provider reviewed):    ASV Company Name:

Payment Brand Reviewer: ASV employee who performed assessment:

Name Name

Telephone Telephone

E-Mail E-Mail

For each question, please indicate the response that best reflects your experience and
provide comments.

4 = Strongly Agree 3 = Agree 2 = Disagree 1 = Strongly Disagree

1) Does the ASV clearly understand how to notify your payment brand about
compliance and non-compliance issues, and the status of merchants and service
providers?

Response:

Comments:

2) Did you receive any complaints about ASV activities related to this scan?

Response:

Comments:

3) Did the ASV demonstrate sufficient understanding of the PCI Data Security
Standard and the PCI Security Scanning Procedures?

Response:

Comments:
