Deep SSL/TLS Vulnerability Test
This report provides a deep analysis of the SSL/TLS configuration of pddmef.mef.gov.it. It checks for protocol support, cipher strength, and known vulnerabilities.
Scan Results
Start 2026-01-24 12:57:28 -->> 5.152.242.79:443 (pddmef.mef.gov.it) <<--

rDNS (5.152.242.79): 5-152-242-79.ip253.fastwebnet.it.
Service detected: HTTP

Testing for server implementation bugs

No bugs found.

Testing HTTP header response @ "/"

HTTP Status Code    500 Internal Server Error. Oh, didn't expect "500 Internal Server Error"
HTTP clock skew    Got no HTTP time, maybe try different URL?
Strict Transport Security    not offered
Public Key Pinning    --
Server banner    (no "Server" line in header, interesting!)
Application banner    --
Cookie(s)    (none issued at "/") -- HTTP status 500 signals you maybe missed the web application
Security headers    --
Reverse Proxy banner    --

Testing vulnerabilities

Secure Renegotiation (RFC 5746)    supported (OK)
Secure Client-Initiated Renegotiation    not vulnerable (OK)
CRIME, TLS (CVE-2012-4929)    not vulnerable (OK)
BREACH (CVE-2013-3587)    no gzip/deflate/compress/br HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566)    not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507)    Downgrade attack prevention supported (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers
FREAK (CVE-2015-0204)    not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703)    not vulnerable on this host and port (OK)
  make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
  https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=A164277E370C809D9F75B590C35F68CAFA7D1DDFAB967FCA929460BB10ACA8CD
LOGJAM (CVE-2015-4000), experimental    not vulnerable (OK): no DH EXPORT ciphers, no common prime detected
BEAST (CVE-2011-3389)    TLS1: DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
  VULNERABLE -- but also supports higher protocols TLSv1.2 (likely mitigated)
LUCKY13 (CVE-2013-0169), experimental    potentially VULNERABLE, uses obsolete cipher block chaining ciphers with TLS, see server prefs.
Winshock (CVE-2014-6321), experimental    not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808)    VULNERABLE (NOT ok): RC4-SHA RC4-MD5

Done 2026-01-24 12:58:55 [ 97s] -->> 5.152.242.79:443 (pddmef.mef.gov.it) <<--
About this Scan
This scan uses testssl.sh to check for:
- Protocols: SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
- Vulnerabilities: Heartbleed, POODLE, FREAK, Logjam, DROWN, etc.
- Cipher Suites: Weak ciphers, perfect forward secrecy (PFS) support.