Proventia 100's have four interfaces, two used to monitor/pass traffic,
one to administer the Proventia appliance and one to send RSKills (only
used when not in inline appliance configuration). Proventia can be
configured as "passive monitoring" or "inline appliance." When you
configure it as an inline appliance, its presence on the network is
invisible from the two monitor/pass-through ports. That leaves the
administration port, which has three ports open: 22/tcp (SSH 1.9),
901/tcp and 2298/tcp. No Apache web server (vuln #1 and #3) and no SSH
daemon version 1.33 or 1.5 (vuln #2) on this box.

Could it be that your external penetration test sent traffic *through*
the Proventia to devices behind the Proventia? Alternately, the pen test
is flawed - but try to convince them of that.

Mick T



-----Original Message-----
From: issforum-bounces@atla...
[mailto:issforum-bounces@atla...] On Behalf Of Jagadeeshan S
Sent: Wednesday, May 16, 2007 12:52 PM
To: issforum@atla...
Subject: [ISSForum] Reg Vulnerability in Proventia G100.


Hi,



Can anybody provide solution for the scenario which I face?

Some third-party has done Vulnerability Assessment and Penetration
Testing on my Proventia G100 box.

The report shows the following vulnerabilities on the box.



1. Vulnerability:  Enumeration of user name through Apache Web
Server.

Description:    When tried to access the default home page, with random
user names, the web server throws the error message, which can be used
for enumeration of existing users in server.



2.   Vulnerability:  Session key retrieval vulnerability.

            Description:    Remote SSH daemon supports version 1.33
and/or 1.5 which is not safe to use.



3.   Vulnerability:  Web server supporting weak encryption protocol.

            Description:   The remote service accepts connection
encrypted using SSL 2.0 which is prone to several cryptographic flaws.



I was much confused about my box.

Does the box can have such this type of vulnerability? If so, kindly
tell me how to remove such vulnerabilities.

How does the box can have web server?



Please explain in detail as I am in confused state.





Regards,

Jaggs.





_______________________________________________
ISSForum mailing list
ISSForum@atla...

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss....

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@atla...

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss....

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.