Burp Scanner Report

Summary

The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.

    Confidence
    Certain Firm Tentative Total
Severity High 0 0 0 0
Medium 0 0 0 0
Low 1 0 0 1
Information 3 0 0 3

The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.

    Number of issues
    0 1 2 3 4
Severity High
 
Medium
 
Low
 

Contents

1. TLS certificate

2. Cross-domain script include

2.1. https://sut.maracaibo.gob.ve/

2.2. https://sut.maracaibo.gob.ve/robots.txt

3. Credit card numbers disclosed


1. TLS certificate
Next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://sut.maracaibo.gob.ve
Path:   /

Issue detail

The following problem was identified with the server's TLS certificate:The server presented the following certificates:

Server certificate

Issued to:  sut.maracaibo.gob.ve
Issued by:  R3
Valid from:  Fri Nov 19 22:57:15 VET 2021
Valid to:  Thu Feb 17 22:57:14 VET 2022

Certificate chain #1

Issued to:  R3
Issued by:  ISRG Root X1
Valid from:  Thu Sep 03 20:00:00 VET 2020
Valid to:  Mon Sep 15 12:00:00 VET 2025

Certificate chain #2

Issued to:  ISRG Root X1
Issued by:  DST Root CA X3
Valid from:  Wed Jan 20 15:14:03 VET 2021
Valid to:  Mon Sep 30 14:14:03 VET 2024

Certificate chain #3

Issued to:  DST Root CA X3
Issued by:  DST Root CA X3
Valid from:  Sat Sep 30 17:12:19 VET 2000
Valid to:  Thu Sep 30 10:01:15 VET 2021

Issue background

TLS (or SSL) helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an TLS certificate that is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, TLS connections to the server will not provide the full protection for which TLS is designed.

It should be noted that various attacks exist against TLS in general, and in the context of HTTPS web connections in particular. It may be possible for a determined and suitably-positioned attacker to compromise TLS connections without user detection even when a valid TLS certificate is used.

References

Vulnerability classifications

2. Cross-domain script include
Previous  Next

There are 2 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should ideally not be included from untrusted domains. Applications that rely on static third-party scripts should consider using Subresource Integrity to make browsers verify them, or copying the contents of these scripts onto their own domain and including them from there. If that is not possible (e.g. for licensing reasons) then consider reimplementing the script's functionality within application code.

References

Vulnerability classifications



2.1. https://sut.maracaibo.gob.ve/
Next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sut.maracaibo.gob.ve
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: sut.maracaibo.gob.ve
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Connection: close
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Connection: close
Server: nginx
Date: Sun, 02 Jan 2022 15:35:49 GMT
Content-Type: text/html; charset=UTF-8
Last-Modified: Tue, 28 Dec 2021 15:18:13 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600;
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none';
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=1800
Etag: W/"61cb2ab5-976"
Via: 1.1 vegur
Content-Length: 2422

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/logo_sut.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content=
...[SNIP]...
</script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/less.js/2.7.2/less.min.js"></script>
...[SNIP]...
2.2. https://sut.maracaibo.gob.ve/robots.txt
Previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sut.maracaibo.gob.ve
Path:   /robots.txt

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /robots.txt HTTP/1.1
Host: sut.maracaibo.gob.ve
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Connection: close
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Connection: close
Server: nginx
Date: Sun, 02 Jan 2022 15:35:36 GMT
Content-Type: text/html; charset=UTF-8
Last-Modified: Tue, 28 Dec 2021 15:18:13 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600;
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none';
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=1800
Etag: W/"61cb2ab5-976"
Via: 1.1 vegur
Content-Length: 2422

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/logo_sut.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content=
...[SNIP]...
</script><script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/less.js/2.7.2/less.min.js"></script>
...[SNIP]...
3. Credit card numbers disclosed
Previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sut.maracaibo.gob.ve
Path:   /static/js/2.12453a89.chunk.js

Issue detail

The following credit card numbers were disclosed in the response:

Issue background

Applications sometimes disclose sensitive financial information such as credit card numbers. Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. If a credit card number is identified during a security assessment it should be verified, then application logic reviewed to identify whether its disclosure within the application is necessary and appropriate.

References

Vulnerability classifications

Request

GET /static/js/2.12453a89.chunk.js HTTP/1.1
Host: sut.maracaibo.gob.ve
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Connection: close
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Connection: close
Server: nginx
Date: Sun, 02 Jan 2022 15:36:54 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 28 Dec 2021 15:18:13 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600;
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none';
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=1800
Etag: W/"61cb2ab5-624e13"
Via: 1.1 vegur
Content-Length: 6442515

/*! For license information please see 2.12453a89.chunk.js.LICENSE.txt */
(this["webpackJsonpsigt-client"]=this["webpackJsonpsigt-client"]||[]).push([[2],[function(t,e,n){"use strict";t.exports=n(541)
...[SNIP]...
oveTo(e[0],e[1]),t.lineTo(n[0],n[1]),t.lineTo(r[0],r[1]),t.lineTo(i[0],i[1]),t.closePath(),e=u([7.320873711543669,2.64475551449975]),n=u([9.213272722738658,2.645820434679803]),r=u([9.213422896480349,1.4999812505283054]),i=u([7.322014760520787,1.4989168878985566]),t.moveTo(e[0],e[1]),t.lineTo(n[0],n[1]),t.lineTo(r[0],r[1]),t.lineTo(i[0],i[1]),t.closePath(),e=u([7.3220147605302905,1.4989168783492766]),n=u([9.21342289
...[SNIP]...
<polygon points="4 11.439 4 11 3 11 3 12 3.755 12 4 11.439">
...[SNIP]...

Report generated by Burp Suite web vulnerability scanner v2021.10.3, at Sun Jan 02 11:57:42 VET 2022.