Table of Contents
  • Introduction
  • Summary of Findings
  • Network Assessment
  • Information Gathering
  • Port Scanning
  • ICMP Packet Filtering
  • SSL Security Analysis
  • HTTPS Not Enforced
  • SSL Protocol/Cipher Suite Evaluation
  • Web Application Security
  • Content Analysis
  • Malicious Input/SQL Injection
  • Information Leakage
  • Cross-Site Scripting
  • Web Server Assessment
  • Apache Tomcat Directory Traversal
  • Apache Tomcat Directory Listing (CVE-2006-3835)
  • Apache Tomcat Buffer Overflow (CVE-2007-0774)
  • Web Server Configuration