Shodan

108.161.136.175

Regular View Raw Data
Last Seen: 2024-05-13
Tags:
starttls

GeneralInformation

Hostnames server.nzmeccano.com
autoconfig.server.nzmeccano.com
autodiscover.server.nzmeccano.com
ipv6.server.nzmeccano.com
mail.server.nzmeccano.com
www.server.nzmeccano.com
sefton.org.nz
cpanel.sefton.org.nz
cpcalendars.sefton.org.nz
cpcontacts.sefton.org.nz
mail.sefton.org.nz
webdisk.sefton.org.nz
webmail.sefton.org.nz
www.sefton.org.nz
Domains nzmeccano.com sefton.org.nz 
Country United States
City Dallas
Organization TekTonic
ISP TekTonic
ASN AS55045

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2024-0727 Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
CVE-2023-5678 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
CVE-2019-0190 5.0A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
CVE-2009-3767 4.3libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-3766 6.8mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2009-3765 6.8mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-1390 6.8Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.

OpenPorts 

-847119852 | 2024-05-08T07:21:36.378130
21 / tcp 
236814975 | 2024-05-01T22:39:41.907221
53 / tcp 
236814975 | 2024-05-12T05:50:06.390898
53 / udp 
-400719989 | 2024-05-10T01:52:35.206050
80 / tcp 
1952082069 | 2024-05-05T11:48:36.667472
110 / tcp 
1559185454 | 2024-05-11T06:04:24.042531
143 / tcp 
-80160853 | 2024-05-13T03:00:52.697504
443 / tcp 
1488559319 | 2024-05-10T22:01:42.940163
465 / tcp 
924605283 | 2024-05-09T04:46:07.041256
587 / tcp 
-1132241830 | 2024-05-01T04:29:42.873960
993 / tcp 
-1001764030 | 2024-05-08T14:56:17.831432
995 / tcp 
1528780557 | 2024-05-09T12:33:49.328702
2082 / tcp 
-1328380349 | 2024-05-09T12:33:55.511578
2083 / tcp 
1727335283 | 2024-05-07T01:34:03.838057
2086 / tcp 
729892939 | 2024-05-13T00:27:26.055233
2087 / tcp



Products
Pricing
Contact Us

Shodan ® - All rights reserved