GeneralInformation

Hostnames	image.bannerbridge.net tk2-261-40023.vs.sakura.ne.jp
Domains	bannerbridge.net sakura.ne.jp
Country	Japan
City	Tokyo
Organization	SAKURA Internet Inc.
ISP	SAKURA Internet Inc.
ASN	AS9370

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2019-11072

7.5lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.

CVE-2018-19052

5.0An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

OpenPorts

21 80 443

792679561 | 2024-03-31T20:12:34.714336

21 / tcp

421 Service not available.\r\n

-718127891 | 2024-04-18T14:36:56.647929

80 / tcp

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "2166724200"
Last-Modified: Thu, 11 May 2017 01:09:56 GMT
Content-Length: 232
Date: Thu, 18 Apr 2024 14:36:56 GMT
Server: lighttpd/1.4.45

-718127891 | 2024-04-18T23:29:49.271816

443 / tcp

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "2166724200"
Last-Modified: Thu, 11 May 2017 01:09:56 GMT
Content-Length: 232
Date: Thu, 18 Apr 2024 23:29:48 GMT
Server: lighttpd/1.4.45

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:d8:bd:d9:05:d5:f2:b1:86:2d:01:c2:43:98:c0:3a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., CN=FujiSSL Public Validation Authority - G3
        Validity
            Not Before: Apr 15 05:36:07 2024 GMT
            Not After : May 16 05:36:07 2025 GMT
        Subject: CN=image.bannerbridge.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:fd:98:7d:e3:d4:42:7e:13:ac:39:13:0f:a9:7c:
                    6c:61:43:a8:cd:f6:82:7c:a3:dc:a9:e5:55:cc:f1:
                    16:31:ec:82:89:01:c1:a0:dc:bf:16:84:59:29:3b:
                    de:1d:99:08:c4:3a:be:f7:9f:f1:97:81:e4:30:ba:
                    88:f3:d0:61:65:0e:2a:08:b1:c0:76:d6:6f:31:4c:
                    f4:ca:e4:a0:ba:f2:29:4c:f2:7c:0a:3e:14:62:08:
                    66:d5:f5:07:ce:7f:38:96:0a:df:fe:55:20:91:3b:
                    b1:05:fd:45:d8:18:af:b8:f1:80:59:c9:9a:81:26:
                    4a:f5:a1:46:27:c6:47:da:14:bd:f2:55:f2:c3:d7:
                    5c:23:42:47:1c:39:36:5e:d1:18:6b:83:7b:3c:30:
                    5d:59:da:72:35:5c:54:26:1a:19:ae:42:28:fb:c9:
                    7b:47:0c:44:c5:4c:c4:6f:72:28:9a:72:b6:7c:e8:
                    91:fb:b0:3f:26:18:65:7c:b2:dd:26:96:22:a5:32:
                    d1:fb:f8:35:6d:9d:27:5e:4f:a3:de:ea:61:2a:3c:
                    d9:f7:aa:9a:47:23:04:24:ae:4e:d9:d5:6c:df:69:
                    01:f8:fb:03:ac:cd:5e:ee:b6:17:16:50:fa:54:80:
                    cb:8a:73:3e:f2:1f:ef:47:5b:3c:09:5f:9d:35:9c:
                    07:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                BC:EB:D9:11:E0:51:64:6F:FF:F0:74:4F:0D:5A:AB:4A:4F:2D:78:27
            Authority Information Access: 
                CA Issuers - URI:http://repo1.secomtrust.net/sppca/nijimo3/ca-der.cer
                OCSP - URI:http://nijimo3.ocsp.secomtrust.net
            X509v3 Subject Alternative Name: 
                DNS:image.bannerbridge.net
            X509v3 Certificate Policies: 
                Policy: 1.2.392.200091.110.213.1
                  CPS: https://repo1.secomtrust.net/sppca/nijimo3/
                Policy: 2.23.140.1.2.1
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://repo1.secomtrust.net/sppca/nijimo3/fullCRL.crl
            X509v3 Subject Key Identifier: 
                81:EA:95:D7:E3:03:2B:0F:1B:BF:68:0C:94:6E:28:D3:F0:7E:A1:25
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
                                1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
                    Timestamp : Apr 15 05:46:07.703 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:90:A5:72:08:28:19:D1:2B:48:38:FA:
                                5F:AF:6B:61:DA:62:F0:D6:63:E3:7F:19:94:D0:04:9D:
                                94:ED:C2:B2:80:02:21:00:9C:10:D3:00:73:F6:5A:50:
                                29:03:78:A8:B9:A6:BE:06:0E:1B:B0:AF:A2:EF:FD:A5:
                                39:D3:E5:A3:11:F9:43:C9
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
                                1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
                    Timestamp : Apr 15 05:46:08.311 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:E5:A8:5C:25:4F:EE:23:9A:8C:3B:86:
                                C4:5B:C2:64:D2:36:E0:1C:CF:99:0F:D8:8A:25:86:D7:
                                5D:79:6B:D5:4A:02:20:77:9F:98:0F:09:57:1B:3B:C9:
                                36:EA:75:4F:C9:24:85:03:3A:EB:B9:C7:87:3D:B6:32:
                                C4:78:3B:01:7A:B5:07
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Apr 15 05:46:10.080 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1B:CF:24:D2:56:6A:DA:36:7E:58:F2:60:
                                67:2B:1E:42:4E:94:44:FA:CE:AE:91:95:95:EB:C5:12:
                                7B:31:8E:5B:02:20:34:41:9E:42:99:7E:DC:0B:85:61:
                                F3:40:F9:F8:98:5A:AA:93:31:E5:D4:F3:0B:C6:A7:46:
                                5E:EA:FE:61:95:43
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Apr 15 05:46:10.805 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EB:7A:AD:CC:10:91:5D:41:25:71:00:
                                BE:D3:D7:4E:60:CB:03:05:96:1C:EC:C0:C3:08:B0:61:
                                FE:AE:A6:3C:8C:02:21:00:93:CA:E0:A6:23:5D:EA:78:
                                EC:61:3C:11:2C:79:7A:05:7F:B8:E6:DC:4D:1C:A0:A8:
                                7D:1F:59:96:8F:98:BD:E7
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        74:0f:4d:57:a6:e0:57:ed:fe:e6:c8:ad:33:7d:54:50:6e:41:
        11:53:5e:54:8b:bc:01:1b:96:fb:59:28:f6:27:61:5b:16:c3:
        f2:5c:91:d8:ff:26:44:e2:ed:2e:4d:1f:81:f6:9c:cf:04:b2:
        99:8c:04:b7:05:00:48:b1:38:99:ec:6a:1f:24:22:c6:8d:9c:
        cc:60:e6:22:90:cc:f1:6e:98:e2:65:49:43:b0:cd:62:4e:c6:
        c7:ba:c8:04:c9:18:e4:27:e6:22:29:dd:82:c0:0c:96:4b:4a:
        68:b3:99:0e:fd:c1:a3:bc:6f:b3:d6:b8:02:53:ad:fd:ee:2f:
        25:1b:c6:db:46:12:43:c6:77:9b:4f:cc:e2:c1:e7:ba:63:bc:
        52:7d:24:61:48:02:ee:6a:7a:4a:40:62:c7:1b:1f:a9:13:15:
        4d:89:88:1a:b2:76:aa:c6:2c:57:eb:b8:5a:43:a8:ac:c6:5c:
        f7:dd:13:b7:51:7b:fb:d6:01:4a:34:ee:15:df:80:1d:c6:56:
        02:c5:f5:91:89:b6:4f:a1:ec:37:b9:2c:f7:72:96:39:2a:cc:
        92:1e:90:b7:73:28:7e:af:be:98:32:bd:1d:f7:4f:5d:3b:98:
        69:3f:73:18:c8:71:3f:4f:92:64:43:9b:8e:ca:cd:7d:cf:2e:
        83:21:56:72

160.16.238.27

Last Seen: 2024-04-18

GeneralInformation

Vulnerabilities

OpenPorts

792679561 | 2024-03-31T20:12:34.714336
21 / tcp

-718127891 | 2024-04-18T14:36:56.647929
80 / tcp

lighttpd1.4.45

-718127891 | 2024-04-18T23:29:49.271816
443 / tcp

lighttpd1.4.45

Products

Pricing

Contact Us

160.16.238.27

Last Seen: 2024-04-18

GeneralInformation

Vulnerabilities

OpenPorts

792679561 | 2024-03-31T20:12:34.714336 21 / tcp

-718127891 | 2024-04-18T14:36:56.647929 80 / tcp

lighttpd1.4.45

-718127891 | 2024-04-18T23:29:49.271816 443 / tcp

lighttpd1.4.45

Products

Pricing

Contact Us

792679561 | 2024-03-31T20:12:34.714336
21 / tcp

-718127891 | 2024-04-18T14:36:56.647929
80 / tcp

-718127891 | 2024-04-18T23:29:49.271816
443 / tcp