Pentest Scans for Port 81

Hey -

While performing pentest scans, we got the following reports back:

HTTP Debugging Methods (TRACE/TRACK) Enabled (port 81/tcp)

  • CVSS Base Score: 5.8
  • CVE: CVE-2003-1567, CVE-2004-2320, CVE-2004-2763, CVE-2005-3398, CVE-2006-4683, CVE-2007-3008, CVE-2008-7253, CVE-2009-2823, CVE-2010-0386, CVE-2012-2223, CVE-2014-7883

Cleartext Transmission of Sensitive Information via HTTP (port 81/tcp)

  • CVSS Base Score: 4.8

Missing httpOnly Cookie Attribute (port 81/tcp)

  • CVSS Base Score: 5.0

Any thoughts on these issues?

Another moronic port scanner. I’ve never seen one properly identify anything useful beyond seeing an open port. Ignore all the CVE nonsense - none of it is relevant, accurate, or useful in any way whatsoever.

You have port 81 exposed - most likely UCP. If it’s not intentional, close it.

I know it’s UCP and I know port 81 is exposed. I know you can just close it if not using it, but what if I was using it for client access?

Moronic or not, the way of the world is moving towards security certs, and ISO/USOC/etc. are not helping the matter.

To further the conversation, I have absolutely seen relevant reported information from these scans. The interpretation and level of severity as it pertains to your environment may be different, but they are areas to explore and shore up if needed.

With that said, these security compliance companies run these scans and they harp on it. You would need to justify why it’s not an issue or fix it. You can’t simply say it’s moronic and move on. You would never get their business.

I can’t think of any reason why you would need that, other than for testing or troubleshooting – use HTTPS access instead. Any modern browser (or automation tool that emulates a browser) is HTTPS capable.

Basically I do, but back it up with the facts. If you look at the list of CVEs it will be quickly obvious that none of the products mentioned are in play. That alone is likely enough response.

If you actually think trace is a problem, or just want to shut them up, then disable trace in httpd.conf. I don’t bother on distro installs, but I don’t think it will cause any issues.

Also, as a curiosity, are any other http/https ports open?

If the scanner considers trace itself an issue, it should have reported the error on any open Apache port.

I set UCP to reject via the GUI under Connectivity >> Firewall >> Flyout >> Services and rescanned, and the warnings went away. I am syncing on trusted zone currently for IDS.

Trace only came up on port 81.

I did get these ‘low’ risks:

  • SSL/TLS: XMPP ‘STARTTLS’ Extension Detection (port 5222/tcp)
  • XMPP Detection (port 5222/tcp)
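
The TRACE and httpOnly findings discussed in this thread can be re-checked by hand after a change such as disabling trace in httpd.conf, instead of waiting for the next scan. The following is an added example, not code from any poster or from the product; the sample responses, the cookie names, the `X-Probe` header and the host `pbx.example` are constructed for illustration.

```python
import http.client

# Constructed sample responses (not captured from any real system).
SAMPLE_TRACE = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                b"TRACE / HTTP/1.1\r\nHost: pbx.example\r\nX-Probe: probe-1\r\n\r\n")
SAMPLE_TRACE_OFF = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,POST\r\n\r\n"
SAMPLE_GET = (b"HTTP/1.1 200 OK\r\n"
              b"Set-Cookie: sessid=abc123; path=/\r\n"
              b"Set-Cookie: lang=en; Path=/; HttpOnly\r\n\r\n<html></html>")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, header list, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = [tuple(s.strip() for s in l.split(":", 1)) for l in lines[1:] if ":" in l]
    return status, headers, body

def trace_enabled(status, body, marker):
    """TRACE is live only if the server answers 2xx and echoes our request back."""
    return 200 <= status < 300 and marker.encode() in body

def cookies_missing_httponly(headers):
    """Names of cookies whose Set-Cookie header lacks the HttpOnly attribute."""
    missing = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        pair, *attrs = value.split(";")
        if "httponly" not in [a.strip().lower() for a in attrs]:
            missing.append(pair.split("=", 1)[0].strip())
    return missing

def probe(host, port, path="/", marker="probe-1"):
    """Live check against a server you administer; returns (trace_on, cookie_names)."""
    def fetch(method):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, path, headers={"X-Probe": marker})
            resp = conn.getresponse()
            return resp.status, resp.getheaders(), resp.read()
        finally:
            conn.close()
    t_status, _, t_body = fetch("TRACE")
    _, g_headers, _ = fetch("GET")
    return trace_enabled(t_status, t_body, marker), cookies_missing_httponly(g_headers)
```

With `TraceEnable off` set in Apache, a TRACE request is answered with 405 and `trace_enabled` returns False; the cleartext-HTTP finding is not something this check covers.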
