Results of a vulnerabilities scan of NFVI Systems

Solution In Progress - Updated -

Issue

  • The customer reported vulnerabilities on the NFVI systems, based on the results of a vulnerability scan performed by the customer's security team.

  • Attached to this case is the Excel sheet they provided listing the vulnerabilities:

| Plugin | Plugin Name | Family | Severity | IP Address | Protocol | Port | Exploit? | Repository | DNS Name |
|---|---|---|---|---|---|---|---|---|---|
| 40984 | Browsable Web Directories | CGI abuses | Medium | 10.10.10.10 | TCP | 80 | No | Individual Scan | director.localdomain |
| 40984 | Browsable Web Directories | CGI abuses | Medium | 10.10.10.10 | TCP | 8088 | No | Individual Scan | director.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.10.10 | TCP | 80 | No | Individual Scan | director.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.10.10 | TCP | 383 | No | Individual Scan | director.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.10.10 | TCP | 8088 | No | Individual Scan | director.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.10.11 | TCP | 383 | No | Individual Scan | openstack-controller-0.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.10.11 | TCP | 2224 | No | Individual Scan | openstack-controller-0.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.10.14 | TCP | 383 | No | Individual Scan | openstack-compute-0.localdomain |
| 11213 | HTTP TRACE / TRACK Methods Allowed | Web Servers | Medium | 10.10.10.10 | TCP | 80 | No | Individual Scan | director.localdomain |
| 11213 | HTTP TRACE / TRACK Methods Allowed | Web Servers | Medium | 10.10.10.10 | TCP | 8088 | No | Individual Scan | director.localdomain |
| 51192 | SSL Certificate Cannot Be Trusted | General | Medium | 10.10.10.11 | TCP | 2224 | No | Individual Scan | openstack-controller-0.localdomain |
| 57582 | SSL Self-Signed Certificate | General | Medium | 10.10.10.11 | TCP | 2224 | No | Individual Scan | openstack-controller-0.localdomain |
| 70658 | SSH Server CBC Mode Ciphers Enabled | Misc. | Low | 10.10.10.10 | TCP | 22 | No | Individual Scan | director.localdomain |
| 70658 | SSH Server CBC Mode Ciphers Enabled | Misc. | Low | 10.10.10.11 | TCP | 22 | No | Individual Scan | openstack-controller-0.localdomain |
| 70658 | SSH Server CBC Mode Ciphers Enabled | Misc. | Low | 10.10.10.14 | TCP | 22 | No | Individual Scan | openstack-compute-0.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.12.33 | TCP | 7000 | No | Individual Scan | openstack-storage-0.localdomain |
| 10107 | HTTP Server Type and Version | Web Servers | Medium | 10.10.12.33 | TCP | 9283 | No | Individual Scan | openstack-storage-0.localdomain |
| 24260 | HyperText Transfer Protocol (HTTP) Information | Web Servers | Medium | 10.10.11.12 | TCP | 9200 | No | Individual Scan | openstack-controller-1.localdomain |
| 24260 | HyperText Transfer Protocol (HTTP) Information | Web Servers | Medium | 10.10.12.33 | TCP | 7000 | No | Individual Scan | openstack-storage-0.localdomain |
| 24260 | HyperText Transfer Protocol (HTTP) Information | Web Servers | Medium | 10.10.12.33 | TCP | 9100 | No | Individual Scan | openstack-storage-0.localdomain |
| 24260 | HyperText Transfer Protocol (HTTP) Information | Web Servers | Medium | 10.10.12.33 | TCP | 9283 | No | Individual Scan | openstack-storage-0.localdomain |
| 50345 | Missing or Permissive X-Frame-Options HTTP Response Header | CGI abuses | Medium | 10.10.12.33 | TCP | 7000 | No | Individual Scan | openstack-storage-0.localdomain |
| 50345 | Missing or Permissive X-Frame-Options HTTP Response Header | CGI abuses | Medium | 10.10.12.33 | TCP | 9100 | No | Individual Scan | openstack-storage-0.localdomain |
| 50345 | Missing or Permissive X-Frame-Options HTTP Response Header | CGI abuses | Medium | 10.10.12.33 | TCP | 9283 | No | Individual Scan | openstack-storage-0.localdomain |
| 44135 | Web Server Generic Cookie Injection | CGI abuses | Medium | 10.10.12.34 | TCP | 7000 | No | Individual Scan | openstack-storage-1.localdomain |
| 44135 | Web Server Generic Cookie Injection | CGI abuses | Medium | 10.10.12.35 | TCP | 7000 | No | Individual Scan | openstack-storage-2.localdomain |

  • The customer asks for our help analyzing the items to see whether there are any for which we can close the port or service. If we are unable to close ports or services, is there any other way to apply fixes for those items on the system, for the solution column of the Excel sheet?

Environment

  • Red Hat OpenStack Platform 10.0 (RHOSP)
