Website fingerprinting
Version-based vulnerability detection
Cross-Site Scripting
Local/Remote File Inclusion
http://213.55.83.154/
Summary
Overall risk level: High
Risk ratings: High: 2, Medium: 2
Scan information: Start time: 2019-09-20 18:35:12 UTC+03; Finish time: 2019-09-20 18:35:33 UTC+03
Findings
7.2  CVE-2019-0211  http_server 2.4.29  N/A
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or
prefork, code executing in less-privileged child processes or threads (including
scripts executed by an in-process scripting interpreter) could execute arbitrary
code with the privileges of the parent process (usually root) by manipulating the
scoreboard. Non-Unix systems are not affected.

6.8  CVE-2017-15715  http_server 2.4.29  N/A
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a
newline character in a malicious filename, rather than matching only the end of
the filename. This could be exploited in environments where uploads of some
files are externally blocked, but only by matching the trailing portion of the
filename.

5  CVE-2019-10081  http_server 2.4.29  N/A
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with
"H2PushResource", could lead to an overwrite of memory in the pushing
request's pool, leading to crashes. The memory copied is that of the configured
push link header values, not data supplied by the client.

5.0  CVE-2018-17199  http_server 2.4.29  N/A
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the
session expiry time before decoding the session. This causes session expiry time
to be ignored for mod_session_cookie sessions since the expiry time is loaded
when the session is decoded.
Details
Risk description:
These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of service
attacks. An attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the
system.
Details
Risk description:
An attacker could intercept the communication between the web browser and the server and he could retrieve the clear-text authentication
credentials.
_ambo_erp_session Secure
Details
Risk description:
Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel (plain HTTP) if such a request is made.
Thus, the risk exists that an attacker will intercept the clear-text communication between the browser and the server and he will steal the cookie
of the user. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.
Details
Risk description:
The communication between the web browser and the server is done using the HTTP protocol, which transmits data unencrypted over the
network. Thus, an attacker who manages to intercept the communication at the network level, is able to read and modify the data transmitted
(including passwords, secret tokens, credit card information and other sensitive data).
Details
Risk description:
An attacker could use this information to mount specific attacks against the identified software type and version.
Scan coverage information
Scan parameters
Website URL: http://213.55.83.154/
Scan type: Light
Authentication: False