Vulnerability Name: 11213:HTTP TRACE / TRACK Methods Allowed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Vulnerability Name: 11213:HTTP TRACE / TRACK Methods Allowed

L1 Bithead

Vulnerability Name:
11213:HTTP TRACE / TRACK Methods Allowed

Affected Hosts, Port(s), Vulnerability IDs:
Panmigration tool , tcp:80, 11213

 

I see this Vulnerability on the Expedition Migration tool. Could you please suggest mitigation plan?

8 REPLIES 8

L6 Presenter

Hi @ShravanKumar httpd is not enabled in Expedition VM, you can try to validate using below command :

 

curl -i expedition -X TRACE http://{yourexpeditionIP}/

 

You should get response back like below:

curl: (7) Failed to connect to {yourexpeditionIP} port 80: Connection refused

 

Hi Lychiang,

Thanks for the reply. I'm getting below. May I know is this something we can mitigate on the server level? as this is a custom tool?

 

shravaxxxxx:~ shravaxxxxx$ curl -i panmig-xxxx.xxx.vmware.com  -X TRACE http://10.166.xxx.xxx

HTTP/1.1 200 OK

Date: Wed, 06 Apr 2022 09:33:12 GMT

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7

Transfer-Encoding: chunked

Content-Type: message/http

 

TRACE / HTTP/1.1

Host: panmig-xxx.xxx.vmware.com

User-Agent: curl/7.77.0

Accept: */*

 

HTTP/1.1 200 OK

Date: Wed, 06 Apr 2022 09:33:15 GMT

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7

Transfer-Encoding: chunked

Content-Type: message/http

 

TRACE / HTTP/1.1

Host: 10.166.xxx.xxx

User-Agent: curl/7.77.0

Accept: */*

 

shravxxxxx-a02:~

L5 Sessionator

Hi,

 

Which version of Expedition are you running?

The signature that we see from your running command refers to CentOS, but Expedition is offered under Ubuntu.

Also, I do not think we expose the tcp/80 on Expedition. When available, it directly redirects to tcp/443.

 

Are you certain you are targeting an Expedition instance?

I'm sure I'm targetting expedition tool IP. 

We have deployed this tool on a Centos VM in our environment... do you think this Vulnerability is detected for that server? and not the tool?

I'm sure I'm targetting expedition tool IP. 

We have deployed this tool on a Centos VM in our environment... do you think this Vulnerability is detected for that server? and not the tool?

Could be, then please follow the suggested remediation method for centos 

May I know what is the root password of Expedition tool? and how to check the current version and what is the procedure to upgrade to next version?

by default is "paloalto" but you could give  specific root password during ubuntu installation,  You can login to the expedition GUI and check the version in the dashboard, in the ubuntu CLI, you issue below commands to upgrade the tool to the latest version:

 

sudo apt-get update

sudo apt-get install expedition-beta 

  • 4644 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!