Country
|
Taiwan
|
Organization
|
New
Century InfoComm Tech Co.
|
ISP
|
New
Centry InfoComm Tech. Co.
|
Last Update
|
2020-03-24T15:13:58.552775
|
ASN
|
AS9919
|
Web Technologies
Vulnerabilities
Note: the
device may not be impacted by all of these issues. The vulnerabilities are
implied based on the software and version.
CVE-2011-1469
|
Unspecified
vulnerability in the Streams component in PHP before 5.3.6 allows
context-dependent attackers to cause a denial of service (application crash)
by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.
|
CVE-2018-10549
|
An issue was
discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17,
and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an
out-of-bounds read for crafted JPEG data because exif_iif_add_value
mishandles the case of a MakerNote that lacks a final '\0' character.
|
CVE-2014-5459
|
The PEAR_REST
class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to
arbitrary files via a symlink attack on a (1) rest.cachefile or (2)
rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and
useLocalCache functions.
|
CVE-2014-0238
|
The
cdf_read_property_info function in cdf.c in the Fileinfo component in PHP
before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a
denial of service (infinite loop or out-of-bounds memory access) via a vector
that (1) has zero length or (2) is too long.
|
CVE-2018-10545
|
An issue was
discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16,
and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache
access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call,
allowing one user (in a multiuser environment) to obtain sensitive
information from the process memory of a second user's PHP applications by
running gcore on the PID of the PHP-FPM worker process.
|
CVE-2018-10547
|
An issue was
discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before
7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS
on the PHAR 403 and 404 error pages via request data of a request for a .phar
file. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2018-5712.
|
CVE-2018-10546
|
An issue was
discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17,
and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because
the iconv stream filter does not reject invalid multibyte sequences.
|
CVE-2011-0755
|
Integer
overflow in the mt_rand function in PHP before 5.3.4 might make it easier for
context-dependent attackers to predict the return values by leveraging a
script's use of a large max parameter, as demonstrated by a value that
exceeds mt_getrandmax.
|
CVE-2011-4885
|
PHP before
5.3.9 computes hash values for form parameters without restricting the
ability to trigger hash collisions predictably, which allows remote attackers
to cause a denial of service (CPU consumption) by sending many crafted
parameters.
|
CVE-2013-4635
|
Integer
overflow in the SdnToJewish function in jewish.c in the Calendar component in
PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers
to cause a denial of service (application hang) via a large argument to the
jdtojewish function.
|
CVE-2018-10548
|
An issue was
discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17,
and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a
denial of service (NULL pointer dereference and application crash) because of
mishandling of the ldap_get_dn return value.
|
CVE-2018-19520
|
An issue was
discovered in SDCMS 1.6 with PHP 5.x.
app/admin/controller/themecontroller.php uses a check_bad function in an
attempt to block certain PHP functions such as eval, but does not prevent use
of preg_replace 'e' calls, allowing users to execute arbitrary code by
leveraging access to admin template management.
|
CVE-2018-19396
|
ext/standard/var_unserializer.c
in PHP 5.x through 7.1.24 allows attackers to cause a denial of service
(application crash) via an unserialize call for the com, dotnet, or variant
class.
|
CVE-2016-7478
|
Zend/zend_exceptions.c
in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote
attackers to cause a denial of service (infinite loop) via a crafted
Exception object in serialized data, a related issue to CVE-2015-8876.
|
CVE-2012-2376
|
Buffer
overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on
Windows allows remote attackers to execute arbitrary code via crafted
arguments that trigger incorrect handling of COM object VARIANT types, as
exploited in the wild in May 2012.
|
CVE-2011-1092
|
Integer
overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent
attackers to cause a denial of service (crash) and possibly read sensitive
memory via a large third argument to the shmop_read function.
|
CVE-2012-2143
|
The crypt_des
(aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in
PHP, PostgreSQL, and other products, does not process the complete cleartext
password if this password contains a 0x80 character, which makes it easier
for context-dependent attackers to obtain access via an authentication
attempt with an initial substring of the intended password, as demonstrated
by a Unicode password.
|
CVE-2012-2336
|
sapi/cgi/cgi_main.c
in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script
(aka php-cgi), does not properly handle query strings that lack an = (equals
sign) character, which allows remote attackers to cause a denial of service
(resource consumption) by placing command-line options in the query string,
related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2012-1823.
|
CVE-2014-2497
|
The
gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and
earlier, allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted color table in an XPM file.
|
CVE-2012-1171
|
The libxml
RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the
open_basedir protection mechanism and read arbitrary files via vectors
involving a stream_close method call during use of a custom stream wrapper.
|
CVE-2011-1468
|
Multiple memory
leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote
attackers to cause a denial of service (memory consumption) via (1) plaintext
data to the openssl_encrypt function or (2) ciphertext data to the
openssl_decrypt function.
|
CVE-2018-17082
|
The Apache2
component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and
7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding:
chunked" request, because the bucket brigade is mishandled in the
php_handler function in sapi/apache2handler/sapi_apache2.c.
|
CVE-2011-0708
|
exif.c in the
Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect
cast, which allows remote attackers to cause a denial of service (application
crash) via an image with a crafted Image File Directory (IFD) that triggers a
buffer over-read.
|
CVE-2019-9639
|
An issue was
discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16,
and 7.3.x before 7.3.3. There is an uninitialized read in
exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
|
CVE-2019-9638
|
An issue was
discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16,
and 7.3.x before 7.3.3. There is an uninitialized read in
exif_process_IFD_in_MAKERNOTE because of mishandling the
maker_note->offset relationship to value_len.
|
CVE-2011-0421
|
The
_zip_name_locate function in zip_name_locate.c in the Zip extension in PHP
before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument,
which might allow context-dependent attackers to cause a denial of service
(NULL pointer dereference) via an empty ZIP archive that is processed with a
(1) locateName or (2) statName operation.
|
CVE-2012-2688
|
Unspecified
vulnerability in the _php_stream_scandir function in the stream
implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact
and remote attack vectors, related to an "overflow."
|
CVE-2019-9021
|
An issue was
discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and
7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions
in the PHAR extension may allow an attacker to read allocated or unallocated
memory past the actual data when trying to parse the file name, a different
vulnerability than CVE-2018-20783. This is related to
phar_detect_phar_fname_ext in ext/phar/phar.c.
|
CVE-2013-4248
|
The
openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before
5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a
domain name in the Subject Alternative Name field of an X.509 certificate,
which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a
crafted certificate issued by a legitimate Certification Authority, a related
issue to CVE-2009-2408.
|
CVE-2013-1635
|
ext/soap/soap.c
in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the
relationship between the soap.wsdl_cache_dir directive and the open_basedir
directive, which allows remote attackers to bypass intended access
restrictions by triggering the creation of cached SOAP WSDL files in an
arbitrary directory.
|
CVE-2011-1467
|
Unspecified
vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol)
function in the Intl extension in PHP before 5.3.6 allows context-dependent
attackers to cause a denial of service (application crash) via an invalid
argument, a related issue to CVE-2010-4409.
|
CVE-2011-1464
|
Buffer
overflow in the strval function in PHP before 5.3.6, when the precision
configuration option has a large value, might allow context-dependent
attackers to cause a denial of service (application crash) via a small
numerical value in the argument.
|
CVE-2012-0788
|
The PDORow
implementation in PHP before 5.3.9 does not properly interact with the
session feature, which allows remote attackers to cause a denial of service
(application crash) via a crafted application that uses a PDO driver for a
fetch and then calls the session_start function, as demonstrated by a crash
of the Apache HTTP Server.
|
CVE-2013-2110
|
Heap-based
buffer overflow in the php_quot_print_encode function in
ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
remote attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted argument to the
quoted_printable_encode function.
|
CVE-2018-14883
|
An issue was
discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20,
and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer
over-read in exif_thumbnail_extract of exif.c.
|
CVE-2019-9024
|
An issue was
discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and
7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to
cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc
in ext/xmlrpc/libxmlrpc/base64.c.
|
CVE-2018-20783
|
In PHP before
5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a
buffer over-read in PHAR reading functions may allow an attacker to read
allocated or unallocated memory past the actual data when trying to parse a
.phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.
|
CVE-2018-19395
|
ext/standard/var.c
in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of
service (NULL pointer dereference and application crash) because com and
com_safearray_proxy return NULL in com_properties_get in
ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on
COM("WScript.Shell").
|
CVE-2019-6977
|
gdImageColorMatch
in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in
the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x
before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This
can be exploited by an attacker who is able to trigger imagecolormatch calls
with crafted image data.
|
CVE-2012-0057
|
PHP before
5.3.9 has improper libxslt security settings, which allows remote attackers
to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt
output extension.
|
CVE-2012-2386
|
Integer
overflow in the phar_parse_tarfile function in tar.c in the phar extension in
PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code via
a crafted tar file that triggers a heap-based buffer overflow.
|
CVE-2006-7243
|
PHP before
5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing
a safe file extension after this character, as demonstrated by .php\0.jpg at
the end of the argument to the file_exists function.
|
CVE-2011-4718
|
Session
fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows
remote attackers to hijack web sessions by specifying a session ID.
|
CVE-2012-1172
|
The
file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly
handle invalid [ (open square bracket) characters in name values, which makes
it easier for remote attackers to cause a denial of service (malformed
$_FILES indexes) or conduct directory traversal attacks during multi-file
uploads by leveraging a script that lacks its own filename restrictions.
|
CVE-2012-2311
|
sapi/cgi/cgi_main.c
in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script
(aka php-cgi), does not properly handle query strings that contain a %3D
sequence but no = (equals sign) character, which allows remote attackers to
execute arbitrary code by placing command-line options in the query string,
related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2012-1823.
|
CVE-2014-0237
|
The
cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP
before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a
denial of service (performance degradation) by triggering many file_printf
calls.
|
CVE-2012-1823
|
sapi/cgi/cgi_main.c
in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script
(aka php-cgi), does not properly handle query strings that lack an = (equals
sign) character, which allows remote attackers to execute arbitrary code by
placing command-line options in the query string, related to lack of skipping
a certain php_getopt for the 'd' case.
|
CVE-2018-19935
|
ext/imap/php_imap.c
in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via an empty string
in the message argument to the imap_mail function.
|
CVE-2019-9637
|
An issue was
discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
Due to the way rename() across filesystems is implemented, it is possible
that file being renamed is briefly available with wrong permissions while the
rename is ongoing, thus enabling unauthorized users to access the data.
|
CVE-2014-9427
|
sapi/cgi/cgi_main.c
in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x
through 5.6.4, when mmap is used to read a .php file, does not properly
consider the mapping's length during processing of an invalid file that
begins with a # character and lacks a newline character, which causes an
out-of-bounds read and might (1) allow remote attackers to obtain sensitive
information from php-cgi process memory by leveraging the ability to upload a
.php file or (2) trigger unexpected code execution if a valid PHP script is
present in memory locations adjacent to the mapping.
|
CVE-2010-3870
|
The
utf8_decode function in PHP before 5.3.4 does not properly handle
non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data,
which makes it easier for remote attackers to bypass cross-site scripting
(XSS) and SQL injection protection mechanisms via a crafted string.
|
CVE-2015-8994
|
An issue was
discovered in PHP 5.x and 7.x, when the configuration uses
apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28
or 7.x after 7.0.13, the issue is resolved in a non-default configuration
with the opcache.validate_permission=1 setting. The vulnerability details are
as follows. In PHP SAPIs where PHP interpreters share a common parent
process, Zend OpCache creates a shared memory object owned by the common
parent during initialization. Child PHP processes inherit the SHM descriptor,
using it to cache and retrieve compiled script bytecode ("opcode"
in PHP jargon). Cache keys vary depending on configuration, but filename is a
central key component, and compiled opcode can generally be run if a script's
filename is known or can be guessed. Many common shared-hosting
configurations change EUID in child processes to enforce privilege separation
among hosted users (for example using mod_ruid2 for the Apache HTTP Server,
or php-fpm user settings). In these scenarios, the default Zend OpCache
behavior defeats script file permissions by sharing a single SHM cache among
all child PHP processes. PHP scripts often contain sensitive information:
Think of CMS configurations where reading or running another user's script
usually means gaining privileges to the CMS database.
|
CVE-2019-9023
|
An issue was
discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and
7.3.x before 7.3.1. A number of heap-based buffer over-read instances are
present in mbstring regular expression functions when supplied with invalid
multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c,
ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c,
ext/mbstring/oniguruma/enc/unicode.c, and
ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression
pattern contains invalid multibyte sequences.
|
CVE-2019-9020
|
An issue was
discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and
7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to
an invalid memory access (heap out of bounds read or read after free). This
is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
|
CVE-2019-9641
|
An issue was
discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16,
and 7.3.x before 7.3.3. There is an uninitialized read in
exif_process_IFD_in_TIFF.
|
CVE-2012-0789
|
Memory leak in
the timezone functionality in PHP before 5.3.9 allows remote attackers to
cause a denial of service (memory consumption) by triggering many strtotime
function calls, which are not properly handled by the php_date_parse_tzfile
cache.
|
CVE-2017-16642
|
In PHP before
5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date
extension's timelib_meridian handling of 'front of' and 'back of' directives
could be used by attackers able to supply date strings to leak information
from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds
reads affecting the php_parse_date function. NOTE: this is a different issue
than CVE-2017-11145.
|
CVE-2010-4699
|
The
iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4
does not properly handle encodings that are unrecognized by the iconv and
mbstring (aka Multibyte String) implementations, which allows remote
attackers to trigger an incomplete output array, and possibly bypass spam
detection or have unspecified other impact, via a crafted Subject header in
an e-mail message, as demonstrated by the ks_c_5601-1987 character set.
|
CVE-2012-3365
|
The SQLite
functionality in PHP before 5.3.15 allows remote attackers to bypass the
open_basedir protection mechanism via unspecified vectors.
|
CVE-2011-1470
|
The Zip
extension in PHP before 5.3.6 allows context-dependent attackers to cause a
denial of service (application crash) via a ziparchive stream that is not
properly handled by the stream_get_contents function.
|
CVE-2013-1643
|
The SOAP
parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers
to read arbitrary files via a SOAP WSDL file containing an XML external
entity declaration in conjunction with an entity reference, related to an XML
External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory
functions. NOTE: this vulnerability exists because of an incorrect fix for
CVE-2013-1824.
|
CVE-2018-15132
|
An issue was
discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before
7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on
Windows doesn't implement the open_basedir check. This could be abused to
find files on paths outside of the allowed directories.
|
CVE-2011-1466
|
Integer
overflow in the SdnToJulian function in the Calendar extension in PHP before
5.3.6 allows context-dependent attackers to cause a denial of service
(application crash) via a large integer in the first argument to the
cal_from_jd function.
|
Ports
·
80
·
443
·
2000
·
8008
Services
HTTP/1.0 302 Found
Location: https://www.ccf.org.tw/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
HTTP/1.1 200 OK
Date: Mon, 09 Mar 2020 13:17:45 GMT
X-Powered-By: PHP/5.2.17
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ed392480725782dd23e80090f1473ba0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: TS019ec7c2=01c61588fd4b2b573bf451563fb9684e2089468f172d9ea37230e3425995653ecede276064a4e27e122e2e2f30d2f7671c8d0c39a4;
Path=/
Vary: Accept-Encoding
Transfer-Encoding: chunked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:e2:00:00:00:01:4c:78:08:66:41:2d:62:38:0c:a5
Signature Algorithm:
sha256WithRSAEncryption
Issuer: C=TW, O=TAIWAN-CA,
OU=Secure SSL Sub-CA, CN=TWCA Secure SSL Certification Authority
Validity
Not Before: Aug 22 07:05:02
2018 GMT
Not After : Aug 27
15:59:59 2020 GMT
Subject: C=TW, ST=TAIWAN,
L=TAIPEI, O=Taiwan Fund for Children and Families, OU=IT, CN=*.ccf.org.tw
Subject Public Key Info:
Public Key Algorithm:
rsaEncryption
Public-Key: (2048
bit)
Modulus:
00:ca:1d:c8:7b:ea:d8:0e:6f:c3:8a:9d:b1:53:fa:
5d:33:d5:23:ce:d0:df:ba:7e:11:ea:96:55:5e:db:
61:08:87:84:c3:92:ae:85:b6:d9:e6:75:9c:37:1e:
49:1f:1e:4e:ac:cf:05:b4:07:78:3b:0b:3f:c2:40:
9a:9f:85:db:c4:bf:e5:9b:d8:fa:e3:f7:d7:66:5e:
55:fb:93:97:90:4e:ab:5d:44:76:14:bd:c8:34:e5:
91:8e:ba:c4:ef:6d:44:5d:b0:5d:15:a4:6e:cb:c5:
33:1d:7c:95:9c:42:0e:2f:39:0d:cd:96:71:a9:ea:
41:b3:a7:e2:44:03:51:45:91:65:e4:fb:8e:b3:a2:
2f:0b:42:1e:42:71:21:f3:30:b9:bc:9d:7b:2c:a2:
94:bc:fb:80:3b:55:81:0e:78:66:6f:fc:3a:fd:f9:
20:fe:9b:a4:57:d7:de:73:f7:b2:ac:e8:b5:e4:ed:
09:e0:b9:2b:d6:58:31:97:c2:ed:8b:a4:08:36:8d:
b3:34:47:08:02:be:46:3c:e8:8a:be:24:6d:da:f0:
a7:01:ee:11:d8:21:bc:5f:38:cd:6b:33:cb:b7:c5:
0f:81:6b:ac:d5:9a:cb:a7:66:60:7d:f2:38:15:24:
52:5f:c3:28:b5:c1:bb:d9:c3:4d:3d:00:8e:d8:f1:
32:d3
Exponent: 65537
(0x10001)
X509v3 extensions:
X509v3 Authority Key
Identifier:
keyid:F8:07:C2:68:24:FF:85:95:CB:DB:1E:E3:33:9C:2A:4F:97:20:56:7B
X509v3 Subject Key
Identifier:
6A:17:BC:33:53:E1:D8:DB:B3:F6:88:F6:97:69:33:1C:CF:1B:8C:2C:51:45:9B:FA:24:B7:AF:75:C8:30:9B:6B
X509v3 CRL Distribution
Points:
Full Name:
URI:http://sslserver.twca.com.tw/sslserver/Securessl_revoke_sha2_2014.crl
X509v3 Subject
Alternative Name:
DNS:*.ccf.org.tw
Authority Information
Access:
CA Issuers -
URI:http://sslserver.twca.com.tw/cacert/secure_sha2_2014.crt
OCSP -
URI:http://twcasslocsp.twca.com.tw/
X509v3 Certificate
Policies:
Policy:
1.3.6.1.4.1.40869.1.1.25
CPS:
www.twca.com.tw
X509v3 Basic
Constraints:
CA:FALSE
X509v3 Key Usage:
critical
Digital Signature,
Key Encipherment
X509v3 Extended Key
Usage:
TLS Web Server
Authentication, TLS Web Client Authentication
1.3.6.1.4.1.11129.2.4.2:
...g.e.u.U.....6.J...W<S...8xp%../..........e`sq......F0D. a..m
._.(].P....K.......N.'...... ........Q...'5...&. .......{.a.{.u....+z
O. ....hp~.....\..=..........e`sq......F0D.
yI.7..U.X.\...Q.R..;.............
0y.........~...j....W.8-.{8.N.._.u.......X......gp
<5.......w...
.....e`sqe.....F0D. '...=l.A@C....*...ST.q..3....7.b.
m..1.e...?...Bt>.J.Y..S.V*..v..Z
Signature Algorithm:
sha256WithRSAEncryption
d2:6b:2d:33:53:0b:0b:27:3f:03:2e:1e:7b:7d:93:26:ac:e4:
9c:ea:df:bb:f7:11:9a:0b:c5:32:96:1a:c1:b2:3f:f6:ff:e7:
e3:88:c3:c1:45:ab:2f:20:41:c4:ed:8d:e3:28:3d:c9:73:23:
a1:63:c9:1b:ab:64:79:f2:4f:1e:27:79:c6:49:7a:45:14:e0:
9d:6a:47:d2:cb:ad:a0:dd:5b:0c:25:d8:ad:d4:a4:6f:40:47:
3b:4a:76:4c:26:e5:f1:30:86:2b:d1:a4:ef:27:a3:36:da:ef:
8a:e2:30:f7:af:f4:0f:a9:c8:8f:9f:2d:bf:3c:51:c6:b2:e4:
ad:52:35:ff:e6:15:a9:87:0b:85:2e:1a:af:7c:e7:83:18:14:
24:60:19:f5:66:76:51:c2:3e:d3:32:9f:fd:d8:32:7e:bc:1e:
c1:17:f4:1f:c3:77:4e:bc:cb:45:8a:a9:b0:7b:93:6f:0a:42:
b6:6e:06:c4:ec:5b:56:d4:d8:ac:b2:36:f4:01:9a:96:09:8f:
96:01:50:fd:ff:eb:5e:7f:df:00:2a:01:09:21:05:29:96:a8:
69:e7:ec:cf:63:ec:33:b3:a2:43:e2:44:a1:eb:1d:59:88:94:
de:7d:99:fc:9f:f1:6f:1e:0c:fc:c4:d9:18:e0:57:c2:02:1c:
77:de:f4:37
HTTP/1.1 302 Found
Location: https://61.66.97.69:8010/
Connection: close
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors
© 2013-2020,
All Rights Reserved - Shodan®
