Some directories on the remote web server are browsable.

Multiple Nessus plugins identified directories on the web server that are browsable.

Make sure that browsable directories do not leak confidential information or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/09/15, Modified: 2021/01/19

The following directories are browsable :

http://172.18.0.4/test/

Some directories on the remote web server are browsable.

Multiple Nessus plugins identified directories on the web server that are browsable.

Make sure that browsable directories do not leak confidential information or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.

Medium

5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/09/15, Modified: 2021/01/19

The following directories are browsable :

http://172.18.0.4:443/test/

It is possible to obtain the version number of the remote Apache HTTP server.

The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.

n/a

None

Published: 2010/07/30, Modified: 2023/08/17

URL : http://172.18.0.4/
Version : 2.4.99
Source : Server: Apache/2.4.41 (Ubuntu)
backported : 1
os : ConvertedUbuntu

It is possible to obtain the version number of the remote Apache HTTP server.

The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.

n/a

None

Published: 2010/07/30, Modified: 2023/08/17

URL : http://172.18.0.4:443/
Version : 2.4.99
Source : Server: Apache/2.4.41 (Ubuntu)
backported : 1
os : ConvertedUbuntu

Security patches are backported.

Security patches may have been 'backported' to the remote SSH server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

Security patches are backported.

Security patches may have been 'backported' to the remote HTTP server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

Security patches are backported.

Security patches may have been 'backported' to the remote HTTP server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

It was possible to enumerate CPE names that matched on the remote system.

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

n/a

None

Published: 2010/04/21, Modified: 2024/11/22

The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel -> Linux Kernel

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server:2.4.41 -> Apache Software Foundation Apache HTTP Server
cpe:/a:apache:http_server:2.4.99 -> Apache Software Foundation Apache HTTP Server
cpe:/a:openbsd:openssh:8.2 -> OpenBSD OpenSSH
cpe:/a:openbsd:openssh:8.2p1 -> OpenBSD OpenSSH

It is possible to guess the remote device type.

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

n/a

None

Published: 2011/05/23, Modified: 2022/09/09

Remote device type : general-purpose
Confidence level : 65

Links to external sites were gathered.

Nessus gathered HREF links to external sites by crawling the remote web server.

n/a

None

Published: 2010/10/04, Modified: 2011/08/19

2 external URLs were gathered on this web server :
URL... - Seen on...

http://httpd.apache.org/docs/2.4/mod/mod_userdir.html -
https://bugs.launchpad.net/ubuntu/+source/apache2 -

Links to external sites were gathered.

Nessus gathered HREF links to external sites by crawling the remote web server.

n/a

None

Published: 2010/10/04, Modified: 2011/08/19

2 external URLs were gathered on this web server :
URL... - Seen on...

http://httpd.apache.org/docs/2.4/mod/mod_userdir.html - /
https://bugs.launchpad.net/ubuntu/+source/apache2 - /

This plugin determines which HTTP methods are allowed on various CGI directories.

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

n/a

None

Published: 2009/12/10, Modified: 2022/04/11

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST are allowed on :

/
/icons
/test


Based on tests of each method :

- HTTP methods GET HEAD OPTIONS POST are allowed on :

/
/icons
/test

This plugin determines which HTTP methods are allowed on various CGI directories.

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

n/a

None

Published: 2009/12/10, Modified: 2022/04/11

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST are allowed on :

/
/icons
/test


Based on tests of each method :

- HTTP methods GET HEAD OPTIONS POST are allowed on :

/
/icons
/test

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

Apache/2.4.41 (Ubuntu)

A web server is running on the remote host.

This plugin attempts to determine the type and the version of the remote web server.

n/a

None

Published: 2000/01/04, Modified: 2020/10/30

The remote web server type is :

Apache/2.4.41 (Ubuntu)

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Wed, 18 Dec 2024 21:06:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 04 Oct 2022 18:35:09 GMT
ETag: "2aa6-5ea39b84a3d3e"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Response Body :


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
Modified from the Debian original for Ubuntu
Last updated: 2016-11-16
See: https://launchpad.net/bugs/1288690
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache2 Ubuntu Default Page: It works</title>
<style type="text/css" media="screen">
* {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
}

body, html {
padding: 3px 3px 3px 3px;

background-color: #D8DBE2;

font-family: Verdana, sans-serif;
font-size: 11pt;
text-align: center;
}

div.main_page {
position: relative;
display: table;

width: 800px;

margin-bottom: 3px;
margin-left: auto;
margin-right: auto;
padding: 0px 0px 0px 0px;

border-width: 2px;
border-color: #212738;
border-style: solid;

background-color: #FFFFFF;

text-align: center;
}

div.page_header {
height: 99px;
width: 100%;

background-color: #F5F6F7;
}

div.page_header span {
margin: 15px 0px 0px 50px;

font-size: 180%;
font-weight: bold;
}

div.page_header img {
margin: 3px 0px 0px 40px;

border: 0px 0px 0px;
}

div.table_of_contents {
clear: left;

min-width: 200px;

margin: 3px 3px 3px 3px;

background-color: #FFFFFF;

text-align: left;
}

div.table_of_contents_item {
clear: left;

width: 100%;

margin: 4px 0px 0px 0px;

background-color: #FFFFFF;

color: #000000;
text-align: left;
}

div.table_of_contents_item a {
margin: 6px 0px 0px 6px;
}

div.content_section {
margin: 3px 3px 3px 3px;

background-color: #FFFFFF;

text-align: left;
}

div.content_section_text {
padding: 4px 8px 4px 8px;

color: #000000;
font-size: 100%;
}

div.content_section_text pre {
margin: 8px 0px 8px 0px;
padding: 8px 8px 8px 8px;

border-width: 1px;
border-style: dotted;
border-color: #000000;

background-color: #F5F6F7;

font-style: italic;
}

div.content_section_text p {
margin-bottom: 6px;
}

div.content_section_text ul, div.content_section_text li {
padding: 4px 8px 4px 16px;
}

div.section_header {
padding: 3px 6px 3px 6px;

background-color: #8E9CB2;

color: #FFFFFF;
font-weight: bold;
font-size: 112%;
text-align: center;
}

div.section_header_red {
background-color: #CD214F;
}

div.section_header_grey {
background-color: #9F9386;
}

.floating_element {
position: relative;
float: left;
}

div.table_of_contents_item a,
div.content_section_text a {
text-decoration: none;
font-weight: bold;
}

div.table_of_contents_item a:link,
div.table_of_contents_item a:visited,
div.table_of_contents_item a:active {
color: #000000;
}

div.table_of_contents_item a:hover {
background-color: #000000;

color: #FFFFFF;
}

div.content_section_text a:link,
div.content_section_text a:visited,
div.content_section_text a:active {
background-color: #DCDFE6;

color: #000000;
}

div.content_section_text a:hover {
background-color: #000000;

color: #DCDFE6;
}

div.validator {
}
</style>
</head>
<body>
<div class="main_page">
<div class="page_header floating_element">
<img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
<span class="floating_element">
Apache2 Ubuntu Default Page
</span>
</div>
<!-- <div class="table_of_contents floating_element">
<div class="section_header section_header_grey">
TABLE OF CONTENTS
</div>
<div class="table_of_contents_item floating_element">
<a href="#about">About</a>
</div>
<div class="table_of_contents_item floating_element">
<a href="#changes">Changes</a>
</div>
<div class="table_of_contents_item floating_element">
<a href="#scope">Scope</a>
</div>
<div class="table_of_contents_item floating_element">
<a href="#files">Config files</a>
</div>
</div>
-->
<div class="content_section floating_element">


<div class="section_header section_header_red">
<div id="about"></div>
It works!
</div>
<div class="content_section_text">
<p>
This is the default welcome page used to test the correct
operation of the Apache2 server after installation on Ubuntu systems.
It is based on the equivalent page on Debian, from which the Ubuntu Apache
packaging is derived.
If you can read this page, it means that the Apache HTTP server installed at
this site is working properly. You should <b>replace this file</b> (located at
<tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
</p>


<p>
If you are a normal user of this web site and don't know what this page is
about, this probably means that the site is currently unavailable due to
maintenance.
If the problem persists, please contact the site's administrator.
</p>

</div>
<div class="section_header">
<div id="changes"></div>
Configuration Overview
</div>
<div class="content_section_text">
<p>
Ubuntu's Apache2 default configuration is different from the
upstream default configuration, and split into several files optimized for
interaction with Ubuntu tools. The configuration system is
<b>fully documented in
/usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
documentation. Documentation for the web server itself can be
found by accessing the <a href="/manual">manual</a> if the <tt>apache2-doc</tt>
package was installed on this server.

</p>
<p>
The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
</p>
<pre>
/etc/apache2/
|-- apache2.conf
| `-- ports.conf
|-- mods-enabled
| |-- *.load
| `-- *.conf
|-- conf-enabled
| `-- *.conf
|-- sites-enabled
| `-- *.conf
</pre>
<ul>
<li>
<tt>apache2.conf</tt> is the main configuration
file. It puts the pieces together by including all remaining configuration
files when starting up the web server.
</li>

<li>
<tt>ports.conf</tt> is always included from the
main configuration file. It is used to determine the listening ports for
incoming connections, and this file can be customized anytime.
</li>

<li>
Configuration files in the <tt>mods-enabled/</tt>,
<tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain
particular configuration snippets which manage modules, global configuration
fragments, or virtual host configurations, respectively.
</li>

<li>
They are activated by symlinking available
configuration files from their respective
*-available/ counterparts. These should be managed
by using our helpers
<tt>
a2enmod,
a2dismod,
</tt>
<tt>
a2ensite,
a2dissite,
</tt>
and
<tt>
a2enconf,
a2disconf
</tt>. See their respective man pages for detailed information.
</li>

<li>
The binary is called apache2. Due to the use of
environment variables, in the default configuration, apache2 needs to be
started/stopped with <tt>/etc/init.d/apache2</tt> or <tt>apache2ctl</tt>.
<b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the
default configuration.
</li>
</ul>
</div>

<div class="section_header">
<div id="docroot"></div>
Document Roots
</div>

<div class="content_section_text">
<p>
By default, Ubuntu does not allow access through the web browser to
<em>any</em> file apart of those located in <tt>/var/www</tt>,
<a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
directories (when enabled) and <tt>/usr/share</tt> (for web
applications). If your site is using a web document root
located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your
document root directory in <tt>/etc/apache2/apache2.conf</tt>.
</p>
<p>
The default Ubuntu document root is <tt>/var/www/html</tt>. You
can make your own virtual hosts under /var/www. This is different
to previous releases which provides better security out of the box.
</p>
</div>

<div class="section_header">
<div id="bugs"></div>
Reporting Problems
</div>
<div class="content_section_text">
<p>
Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
Apache2 package with Ubuntu. However, check <a
href="https://bugs.launchpad.net/ubuntu/+source/apache2"
rel="nofollow">existing bug reports</a> before reporting a new bug.
</p>
<p>
Please report bugs specific to modules (such as PHP and others)
to respective packages, not to the web server itself.
</p>
</div>




</div>
</div>
<div class="validator">
</div>
</body>
</html>

Some information about the remote HTTP configuration can be extracted.

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.

n/a

None

Published: 2007/01/30, Modified: 2024/02/26

Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Wed, 18 Dec 2024 21:06:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 04 Oct 2022 18:35:09 GMT
ETag: "2aa6-5ea39b84a3d3e"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Response Body :


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
Modified from the Debian original for Ubuntu
Last updated: 2016-11-16
See: https://launchpad.net/bugs/1288690
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache2 Ubuntu Default Page: It works</title>
<style type="text/css" media="screen">
* {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
}

body, html {
padding: 3px 3px 3px 3px;

background-color: #D8DBE2;

font-family: Verdana, sans-serif;
font-size: 11pt;
text-align: center;
}

div.main_page {
position: relative;
display: table;

width: 800px;

margin-bottom: 3px;
margin-left: auto;
margin-right: auto;
padding: 0px 0px 0px 0px;

border-width: 2px;
border-color: #212738;
border-style: solid;

background-color: #FFFFFF;

text-align: center;
}

div.page_header {
height: 99px;
width: 100%;

background-color: #F5F6F7;
}

div.page_header span {
margin: 15px 0px 0px 50px;

font-size: 180%;
font-weight: bold;
}

div.page_header img {
margin: 3px 0px 0px 40px;

border: 0px 0px 0px;
}

div.table_of_contents {
clear: left;

min-width: 200px;

margin: 3px 3px 3px 3px;

background-color: #FFFFFF;

text-align: left;
}

div.table_of_contents_item {
clear: left;

width: 100%;

margin: 4px 0px 0px 0px;

background-color: #FFFFFF;

color: #000000;
text-align: left;
}

div.table_of_contents_item a {
margin: 6px 0px 0px 6px;
}

div.content_section {
margin: 3px 3px 3px 3px;

background-color: #FFFFFF;

text-align: left;
}

div.content_section_text {
padding: 4px 8px 4px 8px;

color: #000000;
font-size: 100%;
}

div.content_section_text pre {
margin: 8px 0px 8px 0px;
padding: 8px 8px 8px 8px;

border-width: 1px;
border-style: dotted;
border-color: #000000;

background-color: #F5F6F7;

font-style: italic;
}

div.content_section_text p {
margin-bottom: 6px;
}

div.content_section_text ul, div.content_section_text li {
padding: 4px 8px 4px 16px;
}

div.section_header {
padding: 3px 6px 3px 6px;

background-color: #8E9CB2;

color: #FFFFFF;
font-weight: bold;
font-size: 112%;
text-align: center;
}

div.section_header_red {
background-color: #CD214F;
}

div.section_header_grey {
background-color: #9F9386;
}

.floating_element {
position: relative;
float: left;
}

div.table_of_contents_item a,
div.content_section_text a {
text-decoration: none;
font-weight: bold;
}

div.table_of_contents_item a:link,
div.table_of_contents_item a:visited,
div.table_of_contents_item a:active {
color: #000000;
}

div.table_of_contents_item a:hover {
background-color: #000000;

color: #FFFFFF;
}

div.content_section_text a:link,
div.content_section_text a:visited,
div.content_section_text a:active {
background-color: #DCDFE6;

color: #000000;
}

div.content_section_text a:hover {
background-color: #000000;

color: #DCDFE6;
}

div.validator {
}
</style>
</head>
<body>
<div class="main_page">
<div class="page_header floating_element">
<img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
<span class="floating_element">
Apache2 Ubuntu Default Page
</span>
</div>
<!-- <div class="table_of_contents floating_element">
<div class="section_header section_header_grey">
TABLE OF CONTENTS
</div>
<div class="table_of_contents_item floating_element">
<a href="#about">About</a>
</div>
<div class="table_of_contents_item floating_element">
<a href="#changes">Changes</a>
</div>
<div class="table_of_contents_item floating_element">
<a href="#scope">Scope</a>
</div>
<div class="table_of_contents_item floating_element">
<a href="#files">Config files</a>
</div>
</div>
-->
<div class="content_section floating_element">


<div class="section_header section_header_red">
<div id="about"></div>
It works!
</div>
<div class="content_section_text">
<p>
This is the default welcome page used to test the correct
operation of the Apache2 server after installation on Ubuntu systems.
It is based on the equivalent page on Debian, from which the Ubuntu Apache
packaging is derived.
If you can read this page, it means that the Apache HTTP server installed at
this site is working properly. You should <b>replace this file</b> (located at
<tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
</p>


<p>
If you are a normal user of this web site and don't know what this page is
about, this probably means that the site is currently unavailable due to
maintenance.
If the problem persists, please contact the site's administrator.
</p>

</div>
<div class="section_header">
<div id="changes"></div>
Configuration Overview
</div>
<div class="content_section_text">
<p>
Ubuntu's Apache2 default configuration is different from the
upstream default configuration, and split into several files optimized for
interaction with Ubuntu tools. The configuration system is
<b>fully documented in
/usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
documentation. Documentation for the web server itself can be
found by accessing the <a href="/manual">manual</a> if the <tt>apache2-doc</tt>
package was installed on this server.

</p>
<p>
The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
</p>
<pre>
/etc/apache2/
|-- apache2.conf
| `-- ports.conf
|-- mods-enabled
| |-- *.load
| `-- *.conf
|-- conf-enabled
| `-- *.conf
|-- sites-enabled
| `-- *.conf
</pre>
<ul>
<li>
<tt>apache2.conf</tt> is the main configuration
file. It puts the pieces together by including all remaining configuration
files when starting up the web server.
</li>

<li>
<tt>ports.conf</tt> is always included from the
main configuration file. It is used to determine the listening ports for
incoming connections, and this file can be customized anytime.
</li>

<li>
Configuration files in the <tt>mods-enabled/</tt>,
<tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain
particular configuration snippets which manage modules, global configuration
fragments, or virtual host configurations, respectively.
</li>

<li>
They are activated by symlinking available
configuration files from their respective
*-available/ counterparts. These should be managed
by using our helpers
<tt>
a2enmod,
a2dismod,
</tt>
<tt>
a2ensite,
a2dissite,
</tt>
and
<tt>
a2enconf,
a2disconf
</tt>. See their respective man pages for detailed information.
</li>

<li>
The binary is called apache2. Due to the use of
environment variables, in the default configuration, apache2 needs to be
started/stopped with <tt>/etc/init.d/apache2</tt> or <tt>apache2ctl</tt>.
<b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the
default configuration.
</li>
</ul>
</div>

<div class="section_header">
<div id="docroot"></div>
Document Roots
</div>

<div class="content_section_text">
<p>
By default, Ubuntu does not allow access through the web browser to
<em>any</em> file apart of those located in <tt>/var/www</tt>,
<a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
directories (when enabled) and <tt>/usr/share</tt> (for web
applications). If your site is using a web document root
located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your
document root directory in <tt>/etc/apache2/apache2.conf</tt>.
</p>
<p>
The default Ubuntu document root is <tt>/var/www/html</tt>. You
can make your own virtual hosts under /var/www. This is different
to previous releases which provides better security out of the box.
</p>
</div>

<div class="section_header">
<div id="bugs"></div>
Reporting Problems
</div>
<div class="content_section_text">
<p>
Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
Apache2 package with Ubuntu. However, check <a
href="https://bugs.launchpad.net/ubuntu/+source/apache2"
rel="nofollow">existing bug reports</a> before reporting a new bug.
</p>
<p>
Please report bugs specific to modules (such as PHP and others)
to respective packages, not to the web server itself.
</p>
</div>




</div>
</div>
<div class="validator">
</div>
</body>
</html>

The remote web server does not take steps to mitigate a class of web application vulnerabilities.

The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.

The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.

Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.

None

Published: 2010/10/26, Modified: 2021/01/19

The following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:

- http://172.18.0.4/
- http://172.18.0.4/test/
- http://172.18.0.4/test/?C=D%3BO=A
- http://172.18.0.4/test/?C=M%3BO=A
- http://172.18.0.4/test/?C=N%3BO=D
- http://172.18.0.4/test/?C=S%3BO=A
- http://172.18.0.4/test/test_sql.php

The remote web server does not take steps to mitigate a class of web application vulnerabilities.

The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.

The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.

Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.

None

Published: 2010/10/26, Modified: 2021/01/19

The following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:

- http://172.18.0.4:443/
- http://172.18.0.4:443/test/
- http://172.18.0.4:443/test/?C=D%3BO=A
- http://172.18.0.4:443/test/?C=M%3BO=A
- http://172.18.0.4:443/test/?C=N%3BO=D
- http://172.18.0.4:443/test/?C=S%3BO=A
- http://172.18.0.4:443/test/test_sql.php

The remote web server does not take steps to mitigate a class of web application vulnerabilities.

The remote web server in some responses sets a permissive X-Frame-Options response header or does not set one at all.

The X-Frame-Options header has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors

Set a properly configured X-Frame-Options header for all requested resources.

None

Published: 2010/10/26, Modified: 2021/01/19

The following pages do not set a X-Frame-Options response header or set a permissive policy:

- http://172.18.0.4/
- http://172.18.0.4/test/
- http://172.18.0.4/test/?C=D%3BO=A
- http://172.18.0.4/test/?C=M%3BO=A
- http://172.18.0.4/test/?C=N%3BO=D
- http://172.18.0.4/test/?C=S%3BO=A
- http://172.18.0.4/test/test_sql.php

The remote web server does not take steps to mitigate a class of web application vulnerabilities.

The remote web server in some responses sets a permissive X-Frame-Options response header or does not set one at all.

The X-Frame-Options header has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors

Set a properly configured X-Frame-Options header for all requested resources.

None

Published: 2010/10/26, Modified: 2021/01/19

The following pages do not set a X-Frame-Options response header or set a permissive policy:

- http://172.18.0.4:443/
- http://172.18.0.4:443/test/
- http://172.18.0.4:443/test/?C=D%3BO=A
- http://172.18.0.4:443/test/?C=M%3BO=A
- http://172.18.0.4:443/test/?C=N%3BO=D
- http://172.18.0.4:443/test/?C=S%3BO=A
- http://172.18.0.4:443/test/test_sql.php

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2024/05/20

Port 22/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2024/05/20

Port 80/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2024/05/20

Port 443/tcp was found to be open

This plugin displays information about the Nessus scan.

This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.

n/a

None

Published: 2005/08/26, Modified: 2024/10/04

Information about this scan :

Nessus version : 10.8.3
Nessus build : 20010
Plugin feed version : 202412181550
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : Preproducción
Scan policy used : Advanced Scan
Scanner IP : 172.20.19.23
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 77.155 ms
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : no
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : enabled
Web application tests : enabled
Web app tests - Test mode : some_pairs
Web app tests - Try all HTTP methods : yes
Web app tests - Maximum run time : 5 minutes.
Web app tests - Stop at first flaw : port
Max hosts : 50
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/12/18 15:57 SA Pacific Standard Time
Scan duration : 1364 sec
Scan for malware : yes

It is possible to guess the remote operating system.

Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.

n/a

None

Published: 2003/12/09, Modified: 2024/10/14

Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6

OS Security Patch Assessment is not available.

OS Security Patch Assessment is not available on the remote host.
This does not necessarily indicate a problem with the scan.
Credentials may not have been provided, OS security patch assessment may not be supported for the target, the target may not have been identified, or another issue may have occurred that prevented OS security patch assessment from being available. See plugin output for details.

This plugin reports non-failure information impacting the availability of OS Security Patch Assessment. Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks Not Supported' will report concurrently with this plugin.

n/a

None

Published: 2018/10/02, Modified: 2021/07/12

The following issues were reported :

- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.

An OpenSSH-based SSH server was detected on the remote host.

An OpenSSH-based SSH server was detected on the remote host.

n/a

None

Published: 2023/09/14, Modified: 2024/12/17

Service : ssh
Version : 8.2p1
Banner : SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11

The SSH server on the remote host accepts password authentication.

The SSH server on the remote host accepts password authentication.

n/a

None

Published: 2021/05/07, Modified: 2021/05/07

A SSH server is running on the remote host.

This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

n/a

None

Published: 2002/03/06, Modified: 2024/07/24

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

An SSH server is listening on this port.

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

n/a

None

Published: 1999/10/12, Modified: 2024/07/24

SSH version : SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
SSH supported authentication : publickey,password

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2024/03/26

An SSH server is running on this port.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2024/03/26

A web server is running on this port.

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2024/03/26

A web server is running on this port.

The remote service implements TCP timestamps.

The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

n/a

None

Published: 2007/05/16, Modified: 2023/10/17

Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan policy.

Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote service using the provided credentials. There may have been a protocol failure that prevented authentication from being attempted or all of the provided credentials for the authentication protocol may be invalid. See plugin output for error details.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.

n/a

None

Published: 2018/06/27, Modified: 2024/04/19

SSH was detected on port 22 but no credentials were provided.
SSH local checks were not enabled.

It was possible to obtain traceroute information.

Makes a traceroute to the remote host.

n/a

None

Published: 1999/11/27, Modified: 2023/12/04

For your information, here is the traceroute from 172.20.19.23 to 172.18.0.4 :
172.20.19.23
172.20.18.1
192.168.77.2
172.18.0.4

Hop Count: 3

The remote web server hosts linkable content that can be crawled by Nessus.

The remote web server contains linkable content that can be used to gather information about a target.

n/a

None

Published: 2016/06/24, Modified: 2016/06/24

The following sitemap was created from crawling linkable content on the target host :

- http://172.18.0.4/
- http://172.18.0.4/test/
- http://172.18.0.4/test/test_sql.php

Attached is a copy of the sitemap file.

The remote web server hosts linkable content that can be crawled by Nessus.

The remote web server contains linkable content that can be used to gather information about a target.

n/a

None

Published: 2016/06/24, Modified: 2016/06/24

The following sitemap was created from crawling linkable content on the target host :

- http://172.18.0.4:443/
- http://172.18.0.4:443/test/
- http://172.18.0.4:443/test/test_sql.php

Attached is a copy of the sitemap file.

It is possible to enumerate directories on the web server.

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.

n/a

None

Published: 2002/06/26, Modified: 2024/06/07

The following directories were discovered:
/test, /icons

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

It is possible to enumerate directories on the web server.

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.

n/a

None

Published: 2002/06/26, Modified: 2024/06/07

The following directories were discovered:
/test, /icons

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

Nessus can crawl the remote website.

This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host.

It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

n/a

None

Published: 2001/05/04, Modified: 2024/07/17

Webmirror performed 10 queries in 2s (5.000 queries per second)

The following CGIs have been discovered :

Directory index found at /test/

Nessus can crawl the remote website.

This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host.

It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

n/a

None

Published: 2001/05/04, Modified: 2024/07/17

Webmirror performed 10 queries in 3s (3.0333 queries per second)

The following CGIs have been discovered :

Directory index found at /test/

Security patches are backported.

Security patches may have been 'backported' to the remote SSH server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.

n/a

None

Published: 2009/06/25, Modified: 2015/07/07

Give Nessus credentials to perform local checks.

It was possible to enumerate CPE names that matched on the remote system.

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

n/a

None

Published: 2010/04/21, Modified: 2024/11/22

The remote operating system matched the following CPE :

cpe:/o:linux:linux_kernel -> Linux Kernel

Following application CPE's matched on the remote system :

cpe:/a:mysql:mysql:8.0.30-0ubuntu0.20.04.2 -> MySQL MySQL
cpe:/a:openbsd:openssh:8.2 -> OpenBSD OpenSSH
cpe:/a:openbsd:openssh:8.2p1 -> OpenBSD OpenSSH

It is possible to guess the remote device type.

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

n/a

None

Published: 2011/05/23, Modified: 2022/09/09

Remote device type : general-purpose
Confidence level : 65

A database server is listening on the remote port.

The remote host is running MySQL, an open source database server.

n/a

None

Published: 2001/08/13, Modified: 2022/10/12

Version : 8.0.30-0ubuntu0.20.04.2
Protocol : 10
Server Status : SERVER_STATUS_AUTOCOMMIT
Server Capabilities :
CLIENT_LONG_PASSWORD (new more secure passwords)
CLIENT_FOUND_ROWS (Found instead of affected rows)
CLIENT_LONG_FLAG (Get all column flags)
CLIENT_CONNECT_WITH_DB (One can specify db on connect)
CLIENT_NO_SCHEMA (Don't allow database.table.column)
CLIENT_COMPRESS (Can use compression protocol)
CLIENT_ODBC (ODBC client)
CLIENT_LOCAL_FILES (Can use LOAD DATA LOCAL)
CLIENT_IGNORE_SPACE (Ignore spaces before "(")
CLIENT_PROTOCOL_41 (New 4.1 protocol)
CLIENT_INTERACTIVE (This is an interactive client)
CLIENT_SSL (Switch to SSL after handshake)
CLIENT_SIGPIPE (IGNORE sigpipes)
CLIENT_TRANSACTIONS (Client knows about transactions)
CLIENT_RESERVED (Old flag for 4.1 protocol)
CLIENT_SECURE_CONNECTION (New 4.1 authentication)

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2024/05/20

Port 22/tcp was found to be open

It is possible to determine which TCP ports are open.

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Protect your target with an IP filter.

None

Published: 2009/02/04, Modified: 2024/05/20

Port 3306/tcp was found to be open

This plugin displays information about the Nessus scan.

This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.

n/a

None

Published: 2005/08/26, Modified: 2024/10/04

Information about this scan :

Nessus version : 10.8.3
Nessus build : 20010
Plugin feed version : 202412181550
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : Preproducción
Scan policy used : Advanced Scan
Scanner IP : 172.20.19.23
Port scanner(s) : nessus_syn_scanner
Port range : default
Ping RTT : 76.909 ms
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : no
Credentialed checks : no
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : enabled
Web application tests : enabled
Web app tests - Test mode : some_pairs
Web app tests - Try all HTTP methods : yes
Web app tests - Maximum run time : 5 minutes.
Web app tests - Stop at first flaw : port
Max hosts : 50
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/12/18 15:57 SA Pacific Standard Time
Scan duration : 162 sec
Scan for malware : yes

It is possible to guess the remote operating system.

Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.

n/a

None

Published: 2003/12/09, Modified: 2024/10/14

Remote operating system : Linux Kernel 2.6
Confidence level : 65
Method : SinFP


The remote host is running Linux Kernel 2.6

OS Security Patch Assessment is not available.

OS Security Patch Assessment is not available on the remote host.
This does not necessarily indicate a problem with the scan.
Credentials may not have been provided, OS security patch assessment may not be supported for the target, the target may not have been identified, or another issue may have occurred that prevented OS security patch assessment from being available. See plugin output for details.

This plugin reports non-failure information impacting the availability of OS Security Patch Assessment. Failure information is reported by plugin 21745 : 'OS Security Patch Assessment failed'. If a target host is not supported for OS Security Patch Assessment, plugin 110695 : 'OS Security Patch Assessment Checks Not Supported' will report concurrently with this plugin.

n/a

None

Published: 2018/10/02, Modified: 2021/07/12

The following issues were reported :

- Plugin : no_local_checks_credentials.nasl
Plugin ID : 110723
Plugin Name : Target Credential Status by Authentication Protocol - No Credentials Provided
Message :
Credentials were not provided for detected SSH service.

An OpenSSH-based SSH server was detected on the remote host.

An OpenSSH-based SSH server was detected on the remote host.

n/a

None

Published: 2023/09/14, Modified: 2024/12/17

Service : ssh
Version : 8.2p1
Banner : SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5

The SSH server on the remote host accepts password authentication.

The SSH server on the remote host accepts password authentication.

n/a

None

Published: 2021/05/07, Modified: 2021/05/07

A SSH server is running on the remote host.

This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

n/a

None

Published: 2002/03/06, Modified: 2024/07/24

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0

An SSH server is listening on this port.

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

n/a

None

Published: 1999/10/12, Modified: 2024/07/24

SSH version : SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
SSH supported authentication : publickey,password

The remote service could be identified.

Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

n/a

None

Published: 2007/08/19, Modified: 2024/03/26

An SSH server is running on this port.

The remote service could be identified.

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives a 'HELP'
request.

n/a

None

Published: 2002/11/18, Modified: 2024/11/19

A MySQL server is running on this port.

The remote service implements TCP timestamps.

The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

n/a

None

Published: 2007/05/16, Modified: 2023/10/17

Nessus was able to find common ports used for local checks, however, no credentials were provided in the scan policy.

Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote service using the provided credentials. There may have been a protocol failure that prevented authentication from being attempted or all of the provided credentials for the authentication protocol may be invalid. See plugin output for error details.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.

n/a

None

Published: 2018/06/27, Modified: 2024/04/19

SSH was detected on port 22 but no credentials were provided.
SSH local checks were not enabled.

It was possible to obtain traceroute information.

Makes a traceroute to the remote host.

n/a

None

Published: 1999/11/27, Modified: 2023/12/04

For your information, here is the traceroute from 172.20.19.23 to 172.18.0.5 :
172.20.19.23
172.20.18.1
192.168.77.2
172.18.0.5

Hop Count: 3