<plugin_id>198</plugin_id>
<plugin_name>Symantec Raptor Firewall 6.5 Simple Secure Web Server detection</plugin_name>
<plugin_family>Firewalls</plugin_family>
<plugin_created_date>2004/09/09</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/14</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1. Improved the pattern matching and introduced the plugin changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_detection>open|send ATK plugin 198 test request HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/1.1 ### *Server: Simple, Secure Web Server 1.1*</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>Check is inspired by the Nessus plugin.</plugin_comment>
<bug_affected>Symantec Raptor Firewall 6.5</bug_affected>
<bug_not_affected>Other solutions and maybe the newer Symantec Enterprise Firewall 7.x</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The target host seems to be a Symantec Raptor Firewall 6.5 with a running Simple Secure Web Server.  The server banner of Raptor FW version 6.5 is always "Simple, Secure Web Server 1.1". An attacker may use this information to start further investigation or dedicated attacks.</bug_description>
<bug_solution>You should upgrade your Symantec Raptor Firewall 6.5 to the new Symantec Enterprise Firewall 7.x or newer. Also limit unwanted connections and communications with ACL and firewalling. A filter may prevent such an enumeration at an external interface.</bug_solution>
<bug_fixing_time>Approx. 45 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>7</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check.</bug_check_tool>
<source_nessus_id>10730</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>