GeneralInformation

Hostnames	vmi752921.contaboserver.net kagami.space www.kagami.space ndywm.me www.ndywm.me zmienplec.pl www.zmienplec.pl
Domains	contaboserver.net kagami.space ndywm.me zmienplec.pl
Country	Germany
City	Frankfurt am Main
Organization	Contabo GmbH
ISP	Contabo GmbH
ASN	AS51167

WebTechnologies

Analytics

Google Analytics

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2024-0727	5.5Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
CVE-2023-6129	6.5Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
CVE-2023-51767	7.0OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
CVE-2019-0190	7.5A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
CVE-2009-3767	libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-3766	mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2009-3765	mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-1390	Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
CVE-2008-3844	Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
CVE-2007-2768	OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

OpenPorts

22 80 443 25565

1944037529 | 2024-04-14T13:56:57.671559

22 / tcp

SSH-2.0-OpenSSH_9.6
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQCnf7kJwHn1YxmxE5fhWIFRuZ8VK7uoJprQX0b12MEgirKU
Up2JDA4d8TXvxr9SSzMva7kB8Md+PgaPRA08pcFYDQmHul/+KtbIDHTFoTEHKZs4AIv6lPAInL8T
lRnrolbls5UZMimqruesOjEB2Ov6HR/d1Zgr47MJhNs99NGPUP2fVueHcEQqoKcyYAjCEDvCHW+O
IfldwOA248bxv8btFgsCT7xRzG6dcOdJ+Pn7XDcbyC+WjViw5utELBYR8xpx7DG3NwzMidVR75AS
2e7LMVbgwwpqd80dPMyMetByAuH5Wqq9kPPMkkDYr0MMFT5GqtLtV7RInFh22Gfs00rgSvDemMGB
mvoGoYQECP++B3iSSiAfx3v/LzokXdSrbMq446ggd/U31mP/ArdqkOEgDci3KNyETcdiJGLAeU81
/5PVvCzUw86DrhwVHz6lDaDl7MghnBPT/ofoMCAP+NdMa8h2ZoJ2ukP6cb78+vx7wXERzrfwmr+m
AoHQ7YgIgtk=
Fingerprint: d5:69:80:e0:6e:6b:16:05:1d:84:ba:17:96:c0:3f:71

Kex Algorithms:
	sntrup761x25519-sha512@openssh.com
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	ext-info-s
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

-1500945292 | 2024-04-10T22:03:29.638602

80 / tcp

HTTP/1.1 200 OK
Date: Wed, 10 Apr 2024 22:05:49 GMT
Server: Apache/2.4.58 (Unix) mod_wsgi/4.9.4 Python/3.11 OpenSSL/3.2.0
Last-Modified: Mon, 31 Jul 2023 18:42:01 GMT
ETag: "fd2-601ccc938c140"
Accept-Ranges: bytes
Content-Length: 4050
Content-Type: text/html

-1500945292 | 2024-04-18T09:09:07.884355

443 / tcp

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 09:11:32 GMT
Server: Apache/2.4.58 (Unix) mod_wsgi/4.9.4 Python/3.11 OpenSSL/3.2.0
Last-Modified: Mon, 31 Jul 2023 18:42:01 GMT
ETag: "fd2-601ccc938c140"
Accept-Ranges: bytes
Content-Length: 4050
Content-Type: text/html

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d0:5d:cb:ac:d2:2c:d1:9a:74:af:05:62:6a:01:a3:5e:17
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Sep 30 11:20:56 2023 GMT
            Not After : Dec 29 11:20:55 2023 GMT
        Subject: CN=kagami.space
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:63:1f:e3:56:af:b1:8d:c4:0d:ba:d3:1e:f0:69:
                    42:41:05:52:a1:93:8d:dc:b0:18:59:5e:2b:a3:8e:
                    f5:50:55:0f:56:93:7b:bd:c4:15:b7:1c:f0:f6:19:
                    38:70:bd:ed:11:c6:9f:9a:c8:fe:a0:00:2a:00:f6:
                    80:d5:f8:b8:eb
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                00:CA:C5:54:EC:85:22:8E:71:3E:6F:58:EB:0C:54:39:E9:32:74:8F
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:kagami.space, DNS:ndywm.me, DNS:www.kagami.space, DNS:www.ndywm.me, DNS:www.zmienplec.pl, DNS:zmienplec.pl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
                                16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
                    Timestamp : Sep 30 12:20:57.064 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:F1:BC:E3:86:92:C6:5D:26:AD:52:55:
                                52:4D:50:02:97:95:F2:FD:0C:4D:2B:2A:0F:56:F4:D5:
                                9E:84:C7:20:DA:02:21:00:D9:7A:A9:A4:3C:61:63:BE:
                                5F:EA:AB:98:A2:36:F5:49:DD:46:38:B4:94:8A:05:E6:
                                D1:CE:0A:79:4F:63:8A:E2
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
                                5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
                    Timestamp : Sep 30 12:20:57.066 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:6D:FA:49:09:60:70:95:91:DE:92:EC:34:
                                B4:53:BB:65:41:CD:4A:1B:EF:2E:8C:FB:9B:E0:70:7E:
                                2D:D6:B2:DF:02:21:00:B2:87:71:13:00:D5:DB:7D:9E:
                                6B:D7:67:DA:78:FA:60:FE:CD:BD:D9:06:A2:9F:5A:3D:
                                18:3C:76:59:CD:6E:7E
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        93:e6:c9:a2:db:43:ef:17:a7:66:d3:41:43:f6:4e:62:c8:e9:
        c1:80:dc:83:5f:03:2b:b1:ef:6c:ad:14:94:7a:ed:4e:b1:13:
        27:d8:8f:f4:85:42:d3:ed:56:92:b6:d9:2d:6a:2e:32:ea:da:
        32:e8:90:61:00:a5:71:24:3a:85:01:23:34:49:63:1d:d3:7f:
        7d:12:8b:38:34:39:46:9f:96:ea:0a:c2:a8:49:e0:f3:34:87:
        be:15:40:43:29:d1:1d:73:ee:39:69:e3:83:9f:98:e7:b4:59:
        14:45:69:7c:60:1d:ba:bb:d9:b9:8a:3e:54:99:7a:4e:2b:ad:
        d8:2e:3b:ab:bb:36:c1:be:17:b7:d6:e5:33:ca:15:86:8e:b2:
        62:fa:80:be:78:2a:3d:f1:18:22:f8:a5:e3:7a:9c:76:4f:5b:
        36:f9:ad:b7:00:96:6b:92:4b:59:a0:de:5f:4e:18:bf:12:e5:
        47:1d:d3:c5:2f:c5:77:a4:8f:d7:4d:d8:fb:50:3d:df:8d:97:
        cf:f4:31:43:a9:9e:dd:62:c8:8c:b0:35:f3:19:fa:25:aa:f4:
        db:14:bb:f7:dd:0c:2d:97:4e:5d:20:50:1b:b7:4c:ee:ad:81:
        10:8a:62:7e:2b:eb:1b:a6:c9:78:56:06:45:6e:2a:e2:dd:41:
        ed:70:1f:82

1425136739 | 2024-04-13T20:36:33.097984

25565 / tcp

Minecraft Server:
  Version: Paper 1.20.4 (Protocol 765)
  Description: A Minecraft Server
  Online Players: 0
  Maximum Players: 20

167.86.87.133

Last Seen: 2024-04-18

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1944037529 | 2024-04-14T13:56:57.671559
22 / tcp

OpenSSH9.6

-1500945292 | 2024-04-10T22:03:29.638602
80 / tcp

Apache httpd2.4.58

-1500945292 | 2024-04-18T09:09:07.884355
443 / tcp

Apache httpd2.4.58

1425136739 | 2024-04-13T20:36:33.097984
25565 / tcp

MinecraftPaper 1.20.4

Products

Pricing

Contact Us

167.86.87.133

Last Seen: 2024-04-18

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1944037529 | 2024-04-14T13:56:57.671559 22 / tcp

OpenSSH9.6

-1500945292 | 2024-04-10T22:03:29.638602 80 / tcp

Apache httpd2.4.58

-1500945292 | 2024-04-18T09:09:07.884355 443 / tcp

Apache httpd2.4.58

1425136739 | 2024-04-13T20:36:33.097984 25565 / tcp

MinecraftPaper 1.20.4

Products

Pricing

Contact Us

1944037529 | 2024-04-14T13:56:57.671559
22 / tcp

-1500945292 | 2024-04-10T22:03:29.638602
80 / tcp

-1500945292 | 2024-04-18T09:09:07.884355
443 / tcp

1425136739 | 2024-04-13T20:36:33.097984
25565 / tcp