Another moronic port scanner. I’ve never seen one properly identify anything useful beyond seeing an open port. Ignore all the CVE nonsense - none of it is relevant, accurate, or useful in any way whatsoever.
You have port 81 exposed - most likely UCP. If it’s not intentional, close it.
I know its UCP and I know port 81 is exposed. I know you can just close it if not using it but what if I was using it for client access?
Moronic or not, the way of the world is moving towards security certs and ISO/USOC/ etc are not helping the matter.
To further the conversation, I have absolutely seen relevant reported information from these scans. The interpretation and level of severity as it pertains to your environment may be different but they are areas to explore and sure up if needed.
With that said, these security compliance companies run these scans and they harp on it. You would need to justify why its not an issue or fix it. You cant simply say its moronic and move on. You would never get their business.
I can’t think of any reason why you would need that, other than for testing or troubleshooting – use HTTPS access instead. Any modern browser (or automation tool that emulates a browser) is HTTPS capable.
Basically I do, but back it up with the facts. If you look at the list of CVE’s it will be quickly obvious that none of the products mentioned are in play. That alone is likely enough response.
If you actually think trace is a problem, or just want to shut them up, then disable trace in httpd.conf. I don’t bother on distro installs, but I don;t think it will cause any issues.
I set UCP to reject via the GUI under Connectivity >> Firewall >> Flyout >> Services and rescanned and warnings went away. I am syncing on trusted zone currently for IDS