Standard Security Audit (Sample)
SAMPLE: SecuritySpace Audited Web Site
Report ID: 1
View Created On: Jan 1, 1970 00:00 GMT
Host Address(es): X.X.X.X
Report Contents
1. Risk Classification Summary
Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 18 different issues we found are spread across the different risk classes. For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions
[Chart: High 9, Medium 1, Low 7, Other 1]
2. Baseline Comparison Control
Baselining allows you to compare the results of an audit to the results received in a previous audit. This provides for an easy way to see what is changing from one audit to the next. This section documents which audit was used as a baseline, allows you to select a different audit to use as a baseline, and allows you to mark the current audit as something that should be used when running future baseline comparisons.

Note that you have a fair bit of control over the types of baseline comparison information displayed in your report by using our Report Style Editor. The default is to display ALL test results in your current report, along with notes as to which results are different from the previous report.

According to your current report style, baseline comparisons are: Enabled
Comparisons have been done against the report: Report ID: 5
Most recent audit on the same IP.

3. Vulnerability Category Summary
The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.

Category                             High  Med  Low  Other
Fedora Local Security Checks
Debian Local Security Checks
Mandrake Local Security Checks
Solaris Local Security Checks
Red Hat Local Security Checks
FreeBSD Local Security Checks
SuSE Local Security Checks
Gentoo Local Security Checks
CGI abuses
CentOS Local Security Checks
Ubuntu Local Security Checks
Web application abuses
Service detection
General                                           4
Denial of Service                       2
Slackware Local Security Checks
Conectiva Local Security Checks
Backdoors
Turbolinux Local Security Tests
Windows
HP-UX Local Security Checks
Windows : Microsoft Bulletins
FTP                                     2
Misc.
CGI abuses : XSS
Gain root remotely
Trustix Local Security Checks
Buffer overflow
Gain a shell remotely                   1
Remote file access
SMTP problems                           1    1    1
Web Servers
AIX Local Security Checks
CISCO
RPC
Mac OS X Local Security Checks
Default Unix Accounts
Firewalls
Databases
Peer-To-Peer File Sharing
Windows : User management
Useless services
Privilege escalation
Settings
SNMP
Finger abuses
Netware
NIS
Port scanners                           3         2      1
Malware
Brute force attacks
Totals:                                 9    1    7      1

4. Vulnerability Title Summary
High Risk Vulnerabilities
 10556  FTP : Broker FTP files listing
 10535  Port scanners : General
 10513  Port scanners : General
 10483  Port scanners : General
 10472  Gain a shell remotely : SSH Kerberos issue
 10452  FTP : wu-ftpd SITE EXEC vulnerability
 10406  Denial of Service : IIS Malformed Extension Data in URL
 10261  SMTP problems : Sendmail mailing to programs
 10137  Denial of Service : MDaemon DoS
Medium Risk Vulnerabilities
 10167  SMTP problems : NTMail3 spam feature
Low Risk Vulnerabilities
 10267  General : SSH Server type and version
 10263  General : SMTP Server type and version
 10250  SMTP problems : Sendmail redirection check
 10249  Port scanners : General
 10107  General : HTTP Server type and version
 10092  General : FTP Server type and version
 10079  Port scanners : General
Other Items to be Considered
 10287  Port scanners : General
5. Vulnerability Details
10556 FTP: Broker FTP files listing
Description
ftp (21/tcp)
It was possible to get the listing of the remote root
directory by issuing the command

LIST C:
The data we could get is :
0
An attacker may use this flaw to retrieve arbitrary files on this
server.
Solution : if you are using broker ftp, upgrade to the latest version, or
contact your vendor for a patch
Risk factor : High

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

CVE Description
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.

10535 Port scanners: General
Description
www (80/tcp)

A version of PHP older than 3.0.17
or 4.0.3 is running on this host.


If the option 'log_errors' is set to 'On' in php.ini,
then an attacker may execute arbitrary code on this host.


Solution : make sure that 'log_errors' is set to 'Off' in your php.ini,
or install the latest version of PHP :
http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz
or
http://www.php.net/distributions/php-3.0.17.tar.gz

Risk factor : High

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10513 Port scanners: General
Description
www (80/tcp)

A version of php which is older than 3.0.17
or 4.0.3 is running on this host.

If a php service that allows users to upload files
and then display their content is running on this host,
an attacker may be able to read arbitrary files from the server.

Solution : upgrade to php 3.0.17 or 4.0.3, and see also
http://www.php.net/manual/language.variables.predefined.php

Risk factor : Serious
CVE : CAN-2000-0860

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10483 Port scanners: General
Description
postgres (5432/tcp)
Your PostgreSQL database is not password protected.
We could log in as the user 'postgres'.

Anyone can connect to it and do whatever they want to your data
(deleting a database, adding bogus entries, ...)

Here is the list of the databases that are present on the remote host :

. dbA
. domain
. dbB
. dbC
. dbD

Solution : Log into this host, and set a password for this user (if not
done already) - using the command ALTER USER (see the documentation on
www.postgresql.org).
In addition to this, configure the file pg_hba.conf to require a password
(or kerberos) authentication for all the remote hosts that have
legitimate access to this database.
You should also require a password locally, by adding the line
'local all password' in this file.

Risk factor : High

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10472 Gain a shell remotely: SSH Kerberos issue
Description
ssh (22/tcp)


You are running a version of SSH which is
older than (or as old as) version 1.2.27.

If you compiled ssh with Kerberos support,
then an attacker may eavesdrop on your users'
Kerberos tickets, as sshd will set
the environment variable KRB5CCNAME to
'none', so Kerberos tickets will be stored
in the current working directory of the
user, as 'none'.

If you have NFS/SMB shared disks, then an attacker
may eavesdrop on the Kerberos tickets of your
users using this flaw.

*** If you are not using kerberos, then
*** ignore this warning.

Solution : use ssh 1.2.28 or newer
Risk factor : High

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2002, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

CVE Description
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

10452 FTP: wu-ftpd SITE EXEC vulnerability
Description
ftp (21/tcp)

The remote ftp server does not properly sanitize the argument of
the SITE EXEC command.
It may be possible for a remote attacker
to gain root access.

Solution : Upgrade your wu-ftpd server (versions <= 2.6.0 are vulnerable)
or disable any access from untrusted users (especially anonymous).

Risk factor : Serious
CVE : CVE-2000-0573

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2002, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

Related Security Advisory Cross Reference(s)
BugTraq ID: 1387
BugTraq ID: 2240
BugTraq ID: 726
Common Vulnerability Exposure (CVE) ID: CVE-2000-0573
Bugtraq: 20000622 WuFTPD: Providing *remote* root since at least1994
http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
Bugtraq: 20000623 WUFTPD 2.6.0 remote root exploit
http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
Bugtraq: 20000707 New Released Version of the WuFTPD Sploit
http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
Bugtraq: 20000623 ftpd: the advisory version
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
AUSCERT Advisory: AA-2000.02
ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
http://www.cert.org/advisories/CA-2000-13.html
Debian Security Information: 20000623
Caldera Security Advisory: CSSA-2000-020.0
http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
http://www.redhat.com/support/errata/RHSA-2000-039.html
Bugtraq: 20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Bugtraq: 20000702 [Security Announce] wu-ftpd update
http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Bugtraq: 20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
FreeBSD Security Advisory: FreeBSD-SA-00:29
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
NETBSD Security Advisory: NetBSD-SA2000-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
XForce ISS Database: wuftp-format-string-stack-overwrite
http://www.securityfocus.com/bid/1387
XForce ISS Database: wuftp-format-string-stack-overwrite(4773)
http://xforce.iss.net/xforce/xfdb/4773
Common Vulnerability Exposure (CVE) ID: CVE-1999-0997
Bugtraq: 19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Debian Security Information: DSA-377
http://www.debian.org/security/2003/dsa-377
XForce ISS Database: wuftp-ftp-conversion

10406 Denial of Service: IIS Malformed Extension Data in URL
Description
www (80/tcp)

It was possible to make IIS use 100% of the CPU by
sending it malformed extension data in the URL
requested, preventing it from serving web pages
to legitimate clients.

Solution : Microsoft has made patches available at :
- For Internet Information Server 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20906
- For Internet Information Server 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20904

Risk factor : Serious
CVE : CVE-2000-0408

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

CVE Description
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

10261 SMTP problems: Sendmail mailing to programs
Description
smtp (25/tcp)


The remote SMTP server did not complain when issued the
command :
MAIL FROM: root@this_host
RCPT TO: |testing

This probably means that it is possible to send mail directly
to programs, which is a serious threat, since this allows
anyone to execute arbitrary commands on this host.

NOTE : ** This security hole might be a false positive, since
some MTAs will not complain about this test, and instead will
just drop the message silently **

Solution : upgrade your MTA or change it.

Risk factor : High
CVE : CAN-1999-0163

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

CVE Description
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.

10137 Denial of Service: MDaemon DoS
Description
smtp (25/tcp)

It was possible to crash the remote SMTP server
by opening a large number of sockets on it.


This problem allows crackers to make your
SMTP server crash, thus preventing you
from sending or receiving e-mails, which
will affect your work.

Solution :
If your SMTP server is constrained to a maximum
number of processes, i.e. it's not running as
root and has a ulimit 'max user processes' of
256, you may consider raising the limit with 'ulimit -u'.

If your server has the ability to protect itself from
SYN floods, you should turn on that feature, e.g. Linux's CONFIG_SYN_COOKIES.

The best solution may be Cisco's 'TCP intercept' feature.


Risk factor : Serious
CVE : CAN-1999-0846

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

CVE Description
Denial of service in MDaemon 2.7 via a large number of connection attempts.

10167 SMTP problems: NTMail3 spam feature
Description
smtp (25/tcp)
There is a problem in NTMail3 which allows anyone to
use it as a mail relay, provided that the source address is set to '<>'.
This problem allows any spammer to use your mail server to spam the
world, getting your mail server blacklisted and using your network
resources.

Risk factor : Medium.

Solution : There is no solution provided by the author of NTMail,
so you might want to change mail servers.
CVE : CAN-1999-0819

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

CVE Description
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

10267 General: SSH Server type and version
Description
ssh (22/tcp)
Remote SSH version : SSH-1.5-1.2.27

This detects the SSH Server's type and version by connecting to the server
and processing the buffer received.
This information gives potential attackers additional information about the
system they are attacking. Versions and Types should be omitted
where possible.

Solution: Apply filtering to disallow access to this port from untrusted hosts

Risk factor : Low

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10263 General: SMTP Server type and version
Description
smtp (25/tcp)
Remote SMTP server banner :
www2.securityspace.com ESMTP Sendmail 8.9.3/8.8.5
Mon, 22 Jan 2001 14:32:18 -0500
214-This is Sendmail version 8.9.3
214-Topics:
214- HELO EHLO MAIL RCPT DATA
214- RSET NOOP QUIT HELP VRFY
214- EXPN VERB ETRN DSN
214-For more info use "HELP <topic>".
214-To report bugs in the implementation send email to
214- sendmail-bugs@sendmail.org.
214-For local information send email to Postmaster at your site.
214 End of HELP info


This detects the SMTP Server's type and version by connecting to the server
and processing the buffer received.
This information gives potential attackers additional information about the
system they are attacking. Versions and Types should be omitted
where possible.

Solution: Change the login banner to something generic.

Risk factor : Low

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10250 SMTP problems: Sendmail redirection check
Description
smtp (25/tcp)

The remote SMTP server is vulnerable to a redirection
attack. That is, if a mail is sent to :

user@hostname1@victim

Then the remote SMTP server (victim) will happily send the
mail to :
user@hostname1

Using this flaw, an attacker may route a message
through your firewall, in order to exploit other
SMTP servers that can not be reached from the
outside.

*** THIS WARNING MAY BE A FALSE POSITIVE, SINCE
SOME SMTP SERVERS LIKE POSTFIX WILL NOT
COMPLAIN BUT DROP THIS MESSAGE ***


Solution : if you are using sendmail, then at the top
of ruleset 98, in /etc/sendmail.cf, insert :
R@@ 0error 5.7.1 $: '551 Sorry, no redirections.'

Risk factor : Low

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10249 Port scanners: General
Description
smtp (25/tcp)
The remote SMTP server
answers to the EXPN and/or VRFY commands.

The EXPN command can be used to find
the delivery address of mail aliases, or
even the full name of the recipients, and
the VRFY command may be used to check the
validity of an account.


Your mailer should not allow remote users to
use any of these commands, because they give
them too much information.


Solution : if you are using sendmail, add the
option
O PrivacyOptions=goaway
in /etc/sendmail.cf.

Risk factor : Low
CVE : CAN-1999-0531

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10107 General: HTTP Server type and version
Description
www (80/tcp)
The remote web server type is :
Apache/1.3.12 (Unix) PHP/4.0.1pl2 mod_ssl/2.6.5 OpenSSL/0.9.5a


We recommend that you configure your web server to return
bogus versions, to make a cracker's job more difficult.

This detects the HTTP Server's type and version.

Solution: Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.

Risk factor : Low

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10092 General: FTP Server type and version
Description
ftp (21/tcp)
Remote FTP server banner :
somemachine.somedomain.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.


This detects the FTP Server type and version by connecting to the server and
processing the buffer received.
The login banner gives potential attackers additional information about the
system they are attacking. Versions and Types should be omitted
where possible.

Solution: Change the login banner to something generic.

Risk factor : Low

Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10079 Port scanners: General
Description
ftp (21/tcp)
The FTP service allows anonymous logins. If you do not
want to share data with anyone you do not know, then you should deactivate
the anonymous account, since it can only cause trouble.
On most Unix systems, running :
echo ftp >> /etc/ftpusers
will correct this.

Risk factor : Low
CVE : CAN-1999-0497

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

10287 Port scanners: General
Description
general/udp
For your information, here is the traceroute to X.X.X.X :
X.X.X.X

Additional Information:
Traceroute is only a problem if the route shown above is revealing sensitive IP addresses internal to your network. If the addresses shown are all upstream to you, then you have no risk associated with this test. If, on the other hand, we are showing private addresses on the traceroute, you should consider filtering ICMP Destination Unreachable (Code 3) and ICMP Time Exceeded (Code 11) messages.

This implementation of traceroute works by sending UDP packets with a source port of 1025 and a destination port of 32768 with increasing TTL values.

*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.

6. Open Ports - X.X.X.X
Port   Protocol   Probable Service  
21  TCP ftp
You appear to be running an ftp server. You should take care of the following potential problem areas:

Logins
If you are allowing people to ftp to their account, their userid and password are traveling in clear text over the internet. This means anyone sniffing network traffic has easy access to the userid/password.

Writable directories
If you allow document uploads via anonymous ftp, you might be used as an "exchange point" for illicit materials.

Bounce-attack scans
If you are running an older version of ftp on a network, you may be susceptible to a type of port scan known as a bounce attack, that completely bypasses any firewalls you have in place. This attack makes use of some ftp servers' ability to initiate outbound connections to any IP address. From the nmap documentation:

FTP bounce attack : An interesting "feature" of the ftp protocol (RFC 959) is support for "proxy" ftp connections. In other words, I should be able to connect from evil.com to the FTP server-PI (protocol interpreter) of target.com to establish the control communication connection. Then I should be able to request that the server-PI initiate an active server-DTP (data transfer process) to send a file ANYWHERE on the internet! Presumably to a User-DTP, although the RFC specifically states that asking one server to send a file to another is OK. Now this may have worked well in 1985 when the RFC was just written. But nowadays, we can't have people hijacking ftp servers and requesting that data be spit out to arbitrary points on the internet. As *Hobbit* wrote back in 1995, this protocol flaw "can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time." What we will exploit this for is to (surprise, surprise) scan TCP ports from a "proxy" ftp server. Thus you could connect to an ftp server behind a firewall, and then scan ports that are more likely to be blocked (139 is a good one). If the ftp server allows reading from and writing to a directory (such as /incoming), you can send arbitrary data to ports that you do find open.

For port scanning, our technique is to use the PORT command to declare that our passive "User-DTP" is listening on the target box at a certain port number. Then we try to LIST the current directory, and the result is sent over the Server-DTP channel. If our target host is listening on the specified port, the transfer will be successful (generating a 150 and a 226 response). Otherwise we will get "425 Can't build data connection: Connection refused." Then we issue another PORT command to try the next port on the target host. The advantages to this approach are obvious (harder to trace, potential to bypass firewalls). The main disadvantages are that it is slow, and that some FTP servers have finally got a clue and disabled the proxy "feature".

 
22  TCP ssh
You appear to be running SSH. That's good. A couple of things to note with it, however. Like any other software package, SSH is also subject to bugs that are fixed over time. These bugs, despite the fact that SSH provides a secure communication channel, may allow an attacker to compromise your system. You should ensure that you are running the latest SSH/patched versions.
 
25  TCP smtp
You appear to be running a mail gateway. You should make sure that your mail system cannot be used as a mail relay. Internet SPAM, also known as UBE (unsolicited bulk email), is a problem on the internet, and spammers (those that send this type of mail) will often use poorly configured mail systems to deliver mail on their behalf. This deflects the wrath of many system administrators to YOU, the owner/operator of the misconfigured service. It can also result in you being placed in one of several on-line databases that list you as allowing mail-relay, the end result being that some mail systems will reject any mail you try to send.
 
80  TCP http
It appears that you are running a web server. If you have not done so, we recommend that you run the latest version of a popular web server. Many "fringe market" web servers have known bugs that are slow to be fixed because few people care about the problems. These problems can often leave you open to someone accessing/modifying files on your system that they shouldn't. By running a popular web server, you lower the risk of this type of problem, and when problems are found, it is likely that a patch will be made available rapidly to fix the problem. Check our survey to see what the most popular web servers are.
 
5432  TCP postgres
No description available for this port at this time.
Number of open ports found by port scan: 5
 
Appendix A: Risk Definitions
Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.

High Risk Vulnerabilities
We view this class as any test that can be used to breach the integrity of the system, or take the system off line (DoS). These types of vulnerabilities are typically very easy for malicious users to take advantage of.

Medium Risk Vulnerabilities
We view this class as any test that may be able to access inappropriate data in the system, which may in turn be combined with other information to provide a subsequent compromise. Although more difficult to take advantage of, these problems should still be rectified.

Low Risk Vulnerabilities
We view these vulnerabilities as problems typically only if the information they provide or access granted can be used in conjunction with one or more other vulnerabilities to compromise your system or network. These vulnerabilities are usually not problems in their own right, but could potentially lead to problems in conjunction with other services.

Other Items to be Considered
This class of problems is used to display informational items that are usually not problems but that you should be aware of (e.g. the "traceroute" determined from our systems to your site).

Appendix B: CVE Versioning
CVE identifiers, an industry standard way of identifying tests, are maintained by Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20100715, and CAN Version Number 20100715. These were verified on July 21, 2010 as being the latest available.
Appendix C: List of Tests Executed
This supplement details the list of all tests that were available as part of this audit request. THIS IS A LARGE REPORT! It does not provide any information on vulnerabilities found during the audit. Instead, it is a complete list of all tests that were part of this audit, along with descriptions. If you intend to print this report, please choose the printer friendly link below. The size of the report will vary depending on the type of audit you ran, but can easily be 200 pages long when printed, and more than 600K in size.

Finally, please note that this list is dependent on the audit you ran. If you come back in a month and run the same audit again, it is likely that this supplement will change, since additional tests will have probably been added to the test suite. Each audit report we produce has its own copy of this supplement that reflects the test suite available at the time this audit was run.

Because of the large size of this report, it may take several minutes for it to be displayed properly on some browsers once the complete report is downloaded (e.g. Netscape). Be patient, it will come up eventually.

© 1998-2010 E-Soft Inc. All rights reserved.