Dreamhost server still DROWn exploitable: -apache2-dap.carbine.dreamhost.com → https://test.drownattack.com/?site=apache2-dap.carbine.dreamhost.com 3 Domain Health issues - e.g. Certificate is Invalid.
redistrict.org
This is not a Symantec certificate.
Please contact the Certificate Authority for further verification.
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
Common name:
sni.dreamhost.com
SAN:
Valid from:
2015-Aug-11 18:24:23 GMT
Valid to:
2025-Aug-08 18:24:23 GMT
Certificate status:
Unknown
Revocation check method:
Not available
Organization:
DreamHost
Organizational unit:
City/locality:
State/province:
California
Country:
US
Certificate Transparency:
Not embedded in certificate
Serial number:
0badc0ffee
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chainShow details
sni.dreamhost.comRoot certificate
Server configuration
Host name:
apache2-dap.carbine.dreamhost.com
Server type:
Apache
IP address:
66.33.213.163
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
See: http://toolbar.netcraft.com/site_report?url=http://redistrict.org
Retirable jQuery script found running: -https://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js
Detected libraries:
jquery - 1.4.1 : -https://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.4.1 : -https://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
polonus (volunteer website security analyst and website error-hunter)