Vulnerability Name: 11213:HTTP TRACE / TRACK Methods Allowed


L1 Bithead

Vulnerability Name:
11213:HTTP TRACE / TRACK Methods Allowed

Affected Hosts, Port(s), Vulnerability IDs:
Panmigration tool, tcp:80, 11213

 

I see this vulnerability on the Expedition Migration tool. Could you please suggest a mitigation plan?


L6 Presenter

Hi @ShravanKumar, httpd is not enabled in the Expedition VM. You can validate this using the command below:

 

curl -i expedition -X TRACE http://{yourexpeditionIP}/

 

You should get a response like the one below:

curl: (7) Failed to connect to {yourexpeditionIP} port 80: Connection refused

 

Hi Lychiang,

Thanks for the reply. I'm getting the output below. May I know whether this is something we can mitigate at the server level, as this is a custom tool?

 

shravaxxxxx:~ shravaxxxxx$ curl -i panmig-xxxx.xxx.vmware.com  -X TRACE http://10.166.xxx.xxx
HTTP/1.1 200 OK
Date: Wed, 06 Apr 2022 09:33:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7
Transfer-Encoding: chunked
Content-Type: message/http

TRACE / HTTP/1.1
Host: panmig-xxx.xxx.vmware.com
User-Agent: curl/7.77.0
Accept: */*

HTTP/1.1 200 OK
Date: Wed, 06 Apr 2022 09:33:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7
Transfer-Encoding: chunked
Content-Type: message/http

TRACE / HTTP/1.1
Host: 10.166.xxx.xxx
User-Agent: curl/7.77.0
Accept: */*

shravxxxxx-a02:~

L5 Sessionator

Hi,

 

Which version of Expedition are you running?

The signature that we see from your running command refers to CentOS, but Expedition is offered under Ubuntu.

Also, I do not think we expose the tcp/80 on Expedition. When available, it directly redirects to tcp/443.

 

Are you certain you are targeting an Expedition instance?

I'm sure I'm targeting the Expedition tool IP.

We have deployed this tool on a CentOS VM in our environment... Do you think this vulnerability is detected for that server, and not the tool?

Could be. In that case, please follow the suggested remediation method for CentOS.
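
A way to turn the manual curl check from this thread into a repeatable verdict, added here as an example and not posted by any participant. The function names and the two sample responses are constructed for illustration; `TraceEnable off` is Apache httpd's own directive for disabling TRACE.

```shell
#!/bin/sh
# Added example: decide from the response whether HTTP TRACE is allowed.
# Apache httpd remediation (core directive): set "TraceEnable off" in the
# server config (/etc/httpd/conf/httpd.conf on a stock CentOS install), restart httpd.

# trace_verdict STATUS CONTENT_TYPE -> prints one verdict word.
trace_verdict() {
    ctype=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$1" in
        000) echo unreachable ;;        # curl's code when nothing answered (connection refused)
        200) case "$ctype" in
                 message/http*) echo enabled ;;   # request echoed back: TRACE is on
                 *) echo inconclusive ;;          # 200 from something ignoring the method
             esac ;;
        403|405|501) echo disabled ;;   # method refused or not implemented
        3??) echo redirect ;;           # e.g. tcp/80 -> tcp/443; re-test the target URL
        *) echo inconclusive ;;
    esac
}

# verdict_from_raw: same decision from a raw response (status line + headers) on stdin.
verdict_from_raw() {
    awk 'NR == 1 { status = $2 }
         /^\r?$/ { exit }
         tolower($1) == "content-type:" { ctype = $2 }
         END { sub(/\r$/, "", ctype); print status, ctype }' | {
        read -r status ctype
        trace_verdict "$status" "$ctype"
    }
}

# check_trace URL: live probe; needs curl and network reach to the host.
check_trace() {
    out=$(curl -s -o /dev/null -X TRACE --max-time 5 \
               -w '%{http_code} %{content_type}' "$1") || true
    trace_verdict "${out%% *}" "${out#* }"
}

# Constructed samples: the first mirrors the 200 response shown in the thread,
# the second is what Apache returns once TRACE is turned off.
SAMPLE_ON='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7
Content-Type: message/http

TRACE / HTTP/1.1'
SAMPLE_OFF='HTTP/1.1 405 Method Not Allowed
Allow: GET,HEAD,POST,OPTIONS
Content-Type: text/html; charset=iso-8859-1'
```

Run `check_trace http://{yourexpeditionIP}/` before and after the configuration change; a rescan should clear the finding once the verdict moves from `enabled` to `disabled`.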

May I know what the root password of the Expedition tool is, how to check the current version, and what the procedure is to upgrade to the next version?

By default it is "paloalto", but you could set a specific root password during the Ubuntu installation. You can log in to the Expedition GUI and check the version in the dashboard. In the Ubuntu CLI, issue the commands below to upgrade the tool to the latest version:

 

sudo apt-get update

sudo apt-get install expedition-beta 
