storagequeen's profile

Contributor

 • 

3 Messages

Friday, May 20th, 2016 3:54 PM

Closing Port 80

The following is what the tech said from our credit card processing:  "Your scan results show a host of vulnerabilities on port 80. If you close Port 80 then it is likely that upon a rescan you will pass. That would be the easiest route. Your internet service provider may be able to assist you with closing that port if they provided you with the network gear containing the firewall." 

Community Support

 • 

6.7K Messages

8 years ago

Hi @storagequeen,

 

Port 80 is for "http" traffic and would typically be open. Could you clarify and provide a screenshot of the issue you are having with service?

 

ATTU-verseCare

Contributor

 • 

3 Messages

8 years ago

This is the best that I could do:

 

Part 1. Scan Information

Scan Customer Company: CAPT'N HOOK SELF STORAGE
ASV Company: ControlScan
Scan Date: 2016-05-21 12:32:53
Scan Expires: 2016-08-19

The following PCI vulnerability severity levels are also used to categorize the vulnerabilities in compliance with the PCI DSS:

CVSS Score | Severity Level | Scan Results
7.0 thru 10.0 | High Severity | Fail
4.0 thru 6.9 | Medium Severity | Fail
0.0 thru 3.9 | Low Severity | Pass

Guidance (High and Medium): To achieve a passing scan, these vulnerabilities must be corrected and the environment must be re-scanned after the corrections (with a report that shows a passing scan). Organizations must take a risk-based approach to correct these types of vulnerabilities, starting with the most critical ones (rated 10.0), then those rated 9, followed by those rated 8, 7, etc. until all vulnerabilities rated 4.0 through 10.0 are corrected.

Guidance (Low): While passing scan results can be achieved with vulnerabilities rated 0.0 through 3.9, organizations are encouraged, but not required, to correct these vulnerabilities.

Part 2. Vulnerability Summary

Affected IP Address | Vulnerability | CVE | CVSS Score | Severity Level | Compliance Status (Details follow each row)

99.63.180.104:80/tcp | web server autoindex enabled | CVE-1999-0569 | 10.0 | High | FAIL
Details: A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.

99.63.180.104:80/tcp | command injection in acccount_id parameter to /cgibin/debug_module.cgi?1 | None | 9.0 | High | FAIL
Details: The web program is vulnerable to a command injection attack. That is, one or more input parameters are used by the program in an operating system call without sufficient sanitization, allowing remote attackers to run arbitrary commands by placing shell metacharacters into a specially crafted parameter.

99.63.180.104:80/tcp | command injection in ftp_add parameter to /cgibin/debug_module.cgi?1 | None | 9.0 | High | FAIL
Details: The web program is vulnerable to a command injection attack. That is, one or more input parameters are used by the program in an operating system call without sufficient sanitization, allowing remote attackers to run arbitrary commands by placing shell metacharacters into a specially crafted parameter.

99.63.180.104:80/tcp | command injection in system_cmd parameter to /cgibin/debug_module.cgi?2 | None | 9.0 | High | FAIL
Details: The web program is vulnerable to a command injection attack. That is, one or more input parameters are used by the program in an operating system call without sufficient sanitization, allowing remote attackers to run arbitrary commands by placing shell metacharacters into a specially crafted parameter.

99.63.180.104:80/tcp | SQL injection vulnerability in acccount_id parameter to /cgibin/debug_module.cgi?1 | None | 7.8 | High | FAIL
Details: When a web application uses user-supplied input parameters within SQL queries without first checking them for unexpected characters, it becomes possible for an attacker to manipulate the query.

99.63.180.104:80/tcp | SQL injection vulnerability in ftp_add parameter to /cgibin/debug_module.cgi?1 | None | 7.8 | High | FAIL
Details: When a web application uses user-supplied input parameters within SQL queries without first checking them for unexpected characters, it becomes possible for an attacker to manipulate the query.

99.63.180.104:80/tcp | SQL injection vulnerability in system_cmd parameter to /cgibin/debug_module.cgi?2 | None | 7.8 | High | FAIL
Details: When a web application uses user-supplied input parameters within SQL queries without first checking them for unexpected characters, it becomes possible for an attacker to manipulate the query.

99.63.180.104:80/tcp | vulnerable thttpd version: 2.25b | CVE-2006-1079 | 7.2 | High | FAIL
Details: htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

99.63.180.104:80/tcp | vulnerable thttpd version: 2.25b | CVE-2006-1078 | 7.2 | High | FAIL
Details: Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

99.63.180.104:80/tcp | vulnerable thttpd version: 2.25b | CVE-2009-4491 | 5.0 | Medium | FAIL
Details: thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

99.63.180.104: | TCP reset using approximate sequence number | CVE-2004-0230 | 5.0 | Medium | PASS
Details: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

99.63.180.104:80/tcp | Web error message information leakage: /cgibin/debug_module.cgi | None | 2.6 | Low | PASS
Details: The web server produced an error message containing detailed information about an error in the application or back-end database.

99.63.180.104:80/tcp | web program allows cross-site scripting in query string () | None | 2.6 | Low | FAIL
Details: Several types of web servers and CGI programs include the user's request in their response. For example, a request for the page http://server/nonexistent_page.html may cause server to respond: The page nonexistent_page.html does not exist on this server.

99.63.180.104:80/tcp | Possible direct URL access to protected page: /cgibin/read_config.cgi | None | 2.6 | Low | PASS
Details: Some applications attempt to protect pages by hiding links to the page from unauthorized users. This form of protection doesn't adequately protect the page if access to the page is still possible by requesting the URL directly.

99.63.180.104:7623/tcp | TCP timestamp requests enabled | None | 2.6 | Low | PASS
Details: TCP timestamps are enabled on the remote host. This could allow a remote attacker to estimate the amount of time since the remote host was last booted.

99.63.180.104:80/tcp | web server allows MIME sniffing | None | 2.6 | Low | PASS
Details: MIME sniffing presents a cross-site scripting vulnerability when a file may be interpreted as a different file type by the server than by the browser.

99.63.180.104:7620/tcp | 7620/TCP Service Discovered
99.63.180.104:7621/tcp | 7621/TCP Service Discovered
99.63.180.104:7622/tcp | 7622/TCP Service Discovered
99.63.180.104:7623/tcp | 7623/TCP Service Discovered
99.63.180.104:7624/tcp | 7624/TCP Service Discovered
99.63.180.104:80/tcp | WWW Service Discov

Community Support

 • 

6.7K Messages

8 years ago

Hi @storagequeen,

 

It does seem like the vulnerabilities listed are ones that would apply to any user. If internet browsing is not needed at all for your internet connection, you can have your gateway set up to discard the packets on port 80. On an NVG gateway, you can do this via the packet filter option. On a PACE gateway, in the firewall advanced configuration setting, you can disable HTTP traffic.

 

Hope this helps.

 

-ATTU-verseCare
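Added example, not part of the thread or of the ASV's report: a short Python triage of the summary rows posted above, checking which ports carry FAIL findings and whether filtering port 80 would leave any. The pipe-delimited row layout, the abridged finding titles, the documentation address 192.0.2.10 and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: rows transcribed (titles abridged) from the report's
# summary as endpoint | finding | CVSS | status; host replaced by 192.0.2.10.
ROWS = """\
192.0.2.10:80/tcp | web server autoindex enabled | 10.0 | FAIL
192.0.2.10:80/tcp | command injection in system_cmd parameter | 9.0 | FAIL
192.0.2.10:80/tcp | SQL injection vulnerability in ftp_add parameter | 7.8 | FAIL
192.0.2.10:80/tcp | vulnerable thttpd version: 2.25b | 5.0 | FAIL
192.0.2.10: | TCP reset using approximate sequence number | 5.0 | PASS
192.0.2.10:80/tcp | web program allows cross-site scripting in query string | 2.6 | FAIL
192.0.2.10:7623/tcp | TCP timestamp requests enabled | 2.6 | PASS
192.0.2.10:80/tcp | web server allows MIME sniffing | 2.6 | PASS
"""

ENDPOINT = re.compile(r"^(?P<host>[\d.]+):(?:(?P<port>\d+)/tcp)?$")

def parse(text):
    """Turn 'endpoint | finding | cvss | status' lines into dicts."""
    findings = []
    for line in text.strip().splitlines():
        endpoint, title, cvss, status = (f.strip() for f in line.split("|"))
        m = ENDPOINT.match(endpoint)
        if not m:
            raise ValueError(f"unrecognised endpoint: {endpoint!r}")
        port = int(m["port"]) if m["port"] else None  # None = host-level finding
        findings.append({"port": port, "title": title,
                         "cvss": float(cvss), "status": status})
    return findings

def failing_by_port(findings):
    """Map each port to the titles of its FAIL findings."""
    out = defaultdict(list)
    for f in findings:
        if f["status"] == "FAIL":
            out[f["port"]].append(f["title"])
    return dict(out)

def passes_if_filtered(findings, blocked_ports):
    """True when every FAIL finding sits on a port that would be filtered."""
    return all(port in blocked_ports for port in failing_by_port(findings))

def status_differs_from_cvss(findings, fail_at=4.0):
    """Findings whose status is not what the CVSS table alone predicts."""
    return [f["title"] for f in findings
            if (f["cvss"] >= fail_at) != (f["status"] == "FAIL")]
```

On these rows every FAIL is on port 80, so `passes_if_filtered(parse(ROWS), {80})` is true; `status_differs_from_cvss` returns the TCP reset and cross-site scripting rows, so the report's Compliance Status column, not the CVSS band alone, is what to read.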
