DESCRIPTION LAST UPDATED: 2023-12-11
DEFAULT SEVERITY LEVEL: DOCKER
This report identifies accessible Docker servers on port 2375/tcp. As described in Wikipedia, Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.
In this scan we are identifying the underlying Docker service platform (the host) that can run containers.
How we scan
We scan by sending a HTTP GET /version request to port 2375/tcp and await a Docker response.
You can replicate our scan by using the following zgrab2 command:
zgrab2 http -p 2375 --endpoint="/version"
Based on the response received some data may also be tagged CVE-2019-5736 (tag is triggered on BuildTime < 2019-02-11), which may allow for host root access to be obtained.
As of 2022-07-04, we see 551 accessible Docker services worldwide – with 290 of these tagged additionally with CVE-2019-5736.
You can track latest Docker scan results on the Shadowserver Dashboard.
It is unlikely that you need to have a Docker service allowing for external connections from the Internet (and thus a possible external attack surface). If you do receive this report from us for your network or constituency make sure to firewall traffic to this service or place it behind a VPN. Make sure to upgrade if your instance is tagged with CVE-2019-5736!
Severity levels are described here.
For more information on our scanning efforts, check out our Internet scanning summary page.