Scribd
Upload
15 views3 pages

gemini_generated_report

The Nuclei scan report for nu.edu.pk identifies several security issues, including missing security headers, deprecated TLS versions, and the absence of Subresource Integrity checks, which pose significant risks. Although no critical vulnerabilities were found, the presence of an ASP.NET debug page could expose sensitive information. Immediate remediation is recommended to address these high severity issues and strengthen overall security posture.

Uploaded by

k224792 Rana Ismail Ahmed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views3 pages

gemini_generated_report

The Nuclei scan report for nu.edu.pk identifies several security issues, including missing security headers, deprecated TLS versions, and the absence of Subresource Integrity checks, which pose significant risks. Although no critical vulnerabilities were found, the presence of an ASP.NET debug page could expose sensitive information. Immediate remediation is recommended to address these high severity issues and strengthen overall security posture.

Uploaded by

k224792 Rana Ismail Ahmed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Nuclei Scan Report for nu.edu.

pk
Date: 2024-03-08 (Generated based on provided data, actual scan date unknown)
Target: nu.edu.pk
This report summarizes the findings of a Nuclei scan against nu.edu.pk. It
categorizes identified issues by severity and provides detailed information about
each finding.

Executive Summary
The scan revealed several informational findings related to DNS, HTTP, SSL/TLS,
and various services. Most notably, the website lacks crucial security headers,
uses deprecated TLS versions (1.0 and 1.1), and includes external resources
without Subresource Integrity (SRI) checks. While no critical vulnerabilities
were identified in this particular scan output, the missing security headers
and outdated TLS versions represent significant security risks that should be
addressed immediately. An ASP.NET debug page was also identified, potentially
exposing sensitive information.

High Severity Issues


• Missing Security Headers (HTTP): The absence of several key HTTP
security headers increases the website’s susceptibility to various attacks, in-
cluding Cross-Site Scripting (XSS), Clickjacking, and other web application
vulnerabilities. The following headers are missing:
– Content-Security-Policy
– Permissions-Policy
– X-Frame-Options
– X-Permitted-Cross-Domain-Policies
– Referrer-Policy
– Clear-Site-Data
– Cross-Origin-Opener-Policy
– Strict-Transport-Security (HSTS)
– X-Content-Type-Options
– Cross-Origin-Embedder-Policy
– Cross-Origin-Resource-Policy
• Deprecated TLS Versions (SSL): Support for TLS 1.0 and 1.1 is
deprecated due to known vulnerabilities. These outdated protocols should
be disabled, and only TLS 1.2 or higher should be enabled. The use of
TLS 1.0 and 1.1 exposes the website to attacks like POODLE and BEAST.
• Missing Subresource Integrity (SRI) (HTTP): The website loads
external JavaScript and CSS resources without SRI hashes. This lack
of integrity checks means that a compromised Content Delivery Network

1
(CDN) or a Man-in-the-Middle (MitM) attack could inject malicious code
into these resources, affecting website visitors.
• Potential Information Disclosure (ASP.NET Debug Mode):
The presence of https://nu.edu.pk/Foobar-debug.aspx suggests that
ASP.NET debug mode might be enabled. This can expose sensitive
information about the application’s configuration and internal workings.
This should be investigated and disabled immediately if found to be active
debug mode.

Medium Severity Issues (None identified in this scan output)


Low Severity Issues
• Weak Cipher Suites (SSL): The use of TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
with TLS 1.0 and 1.1 is considered weak due to its susceptibility to certain
attacks. While not as critical as using the deprecated protocols themselves,
these cipher suites should be replaced with stronger alternatives.

Informational Findings
• DNS Information:
– Nameservers: n1.comsats.net.pk, n2.comsats.net.pk
– DMARC Record: Present (p=quarantine)
– SPF Record: Present (v=spf1 include:_spf.google.com ~all)
– MX Records: Using Google Apps
• HTTP Information:
– Technologies Detected: Lightbox, YouTube, Owl Carousel, Font Awe-
some, Animate.css, Bootstrap, Google Font API, MS-IIS
– Microsoft IIS Version: 10.0
– ASP.NET Version: 4.0.30319
– Azure Domain Tenant: a1e3cc4f-47e2-4e32-a7a1-5b14136b160b
– WAF Detected: ASPGeneric
• TCP Information:
– IMAP: Open (port 143)
– FTP: Open (port 21) - Microsoft FTP Service
– POP3: Open (port 110)
• SSL Information:
– Issuer: DigiCert Inc
– DNS Names: nu.edu.pk, *.nu.edu.pk
– Wildcard TLS Certificate: Present

Remediation Recommendations
• Prioritize fixing the High Severity issues immediately. Imple-
ment the missing HTTP security headers, disable TLS 1.0 and 1.1, add
SRI hashes to external resources, and investigate and disable any active
ASP.NET debug mode.

2
• Review and strengthen the cipher suites used for TLS.
• Regularly scan for vulnerabilities and keep software up-to-date.
This report provides a snapshot of the security posture of nu.edu.pk based on
the provided Nuclei scan data. Further investigation and penetration testing are
recommended to comprehensively assess the security of the target.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy