LAST UPDATED: 2022-12-05
This report identifies hosts that have the Hypertext Transfer Protocol (HTTP) service running on some port that may have a vulnerability.
It currently focuses on the following vulnerabilities:
- Zimbra Communication Suite – a CVE-2022-37042 vulnerability discovered by Volexity (blog published 2022-08-10) that allows for remote code execution, and has been exploited in the wild since at least June 2022. This vulnerability was patched in Zimbra releases ZCS 9.0.0 Patch 26 and ZCS 8.8.15 Patch 33, July 28th,2022. If you receive a report on an IP tagged
cve-2022-37042it is likely you are vulnerable to this exploit and possibly already compromised (which may involve a webshell being installed by an attacker). Please note we are making this assessment entirely on the ZCS build time, and tagging all versions earlier than 2022-07-26 build time as vulnerable. Hence, there is a possibility of false positives.
- HTTP hosts that implement Basic Authentication in plain HTTP. This is a security risk as credentials are transmitted in cleartext, without encryption. Enforce the use of HTTPS instead. Instances found will be tagged
basic-authin the report message.
- Exposed .git folders. The tag in this case is
git-config-file.For an overview of security risks associated with .git exposure and what actions you can take to mitigate the risk, please read “Unprotected .git folders on the internet pose a security risk” by NCSC CH.
- Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent), tagged as
cve-2021-35587allowing for unauthenticated remote code execution. If you get such an alert make sure to apply Oracle’s patches here.
Other vulnerabilities may be added in the future to this report.
You can view results from our vulnerable HTTP scans in our Dashboard here.
For a report about all accessible HTTP hosts (including those without vulnerabilities) please see our Accessible HTTP Report.
For more information on our scanning efforts, check out our Internet scanning summary page.
This report has an IPv4 and IPv6 version.
Filename(s): scan_http_vulnerable, scan6_http_vulnerable