[ZendTo] Security
Joao Alexandre
jalexandre1964 at gmail.com
Fri Dec 9 10:42:20 GMT 2011
Hi Jules,
All of our internet-facing structure was evaluated/scanned for
security problems and regarding ZendTo they found two issues. They
don't seem to be related to ZendTo itself, but maybe you can help us
resolve them or lead us to the solution:
1.
Vulnerability details -
Script ID 201167
Name Directory Browsing
Port 443/TCP - http
Risk factor Medium risk
CVSS Score 5.0 - (AV:N/AC:L/Au:N/C:P/I:N/A:N)
(cdp:ND/td:ND/cr:ND/ir:ND/ar:ND)
Family http
Product HTTP
Description This service lists the contents of various directories.
Information Browsable directories:
Location
/js/
/images/
/icons/
/css/
Solution Disable directory browsing
History First seen : 2011-12-09 08:02 - New finding
2.
Script ID 236788
Name SSL/TLS Cipher Suite Detect MD5
Port 443/TCP - http
Risk factor Medium risk
CVSS Score 5.0 - (AV:N/AC:L/Au:N/C:N/I:P/A:N)
(cdp:ND/td:ND/cr:ND/ir:ND/ar:ND)
Family ssl
Product SSL
Description The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to conduct
spoofing attacks, as demonstrated by attacks on the use of MD5 in the
signature algorithm of an X.509 certificate.
Information
SSLv3 Cipher Suite     OpenSSL Cipher Name   Algorithm Bits   Bits Used   Cipher Strength
RSA_WITH_RC4_128_MD5   RC4-MD5               128              128         medium
TLSv1 Cipher Suite     OpenSSL Cipher Name   Algorithm Bits   Bits Used   Cipher Strength
RSA_WITH_RC4_128_MD5   RC4-MD5               128              128         medium
Solution Reconfigure the service to disallow the listed cipher suites
Reference url - http://www.kb.cert.org/vuls/id/836068
CVE CVE-2004-2761
History First seen : 2011-12-09 08:02 - New finding
What can we do or where to look?
Thanks in advance.
Cheers,
Joao
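
One way to apply the two "Solution" lines from the scan report above, as an added example that is not part of the original message and not ZendTo's own configuration. It assumes the site is served by Apache httpd with mod_ssl; both directory paths are placeholders.

```apache
# Assumption: Apache httpd + mod_ssl in front of ZendTo.
# Paths below are placeholders, not values taken from the scan report.

# --- Finding 2: SSL/TLS Cipher Suite Detect MD5 -------------------------
# Place inside the existing <VirtualHost ...:443> block that serves ZendTo.
# "!MD5" removes every suite that uses MD5 as its MAC from the list, so
# RC4-MD5 (RSA_WITH_RC4_128_MD5) can no longer be negotiated over either
# SSLv3 or TLSv1.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!MD5

# --- Finding 1: Directory Browsing ---------------------------------------
# /js/, /images/ and /css/ live under the web root, so turning off
# auto-generated indexes there covers all three.
<Directory "/path/to/zendto/www">
    Options -Indexes
</Directory>

# /icons/ is often not part of the application at all but an Alias to the
# web server's own icon directory (assumption: check the Alias lines in the
# running configuration). If so, it needs its own block.
<Directory "/path/to/apache/icons">
    Options -Indexes
</Directory>

# Re-check after reloading the server:
#   - requesting /js/, /images/, /icons/ and /css/ should return
#     403 Forbidden instead of a file listing
#   - openssl s_client -connect <host>:443 -cipher RC4-MD5
#     should end in a handshake failure
```

"Options -Indexes" only removes the listing; individual files under those directories stay reachable by their full URL, so the pages keep working.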