GeneralInformation

Hostnames	ec2-18-214-74-134.compute-1.amazonaws.com vafl.me
Domains	amazonaws.com vafl.me
Cloud Provider	Amazon
Cloud Region	us-east-1
Cloud Service	EC2
Country	United States
City	Ashburn
Organization	Amazon Technologies Inc.
ISP	Amazon.com, Inc.
ASN	AS14618

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2024-23638	Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
CVE-2023-5824	Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
CVE-2023-50269	Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
CVE-2023-49288	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
CVE-2023-49286	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-49285	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-46848	Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
CVE-2023-46847	Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
CVE-2023-46846	SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVE-2023-46728	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
CVE-2023-46724	Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
CVE-2023-44487	7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

22 80 443 3128 8000

-1884505711 | 2024-05-09T19:42:38.682214

22 / tcp

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOH5Onw8yEpXb8ROGd7GX99M
hJE/eKD2J0Cw8DU25xz0guCRzE3VxOMSN8736XxTyVRuPEa7MzyCEBJMl8p/+CI=
Fingerprint: 0a:f7:2c:e5:ef:4b:74:2c:0d:4a:b6:a4:b3:b2:8b:ff

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

541702588 | 2024-04-12T13:30:10.506707

80 / tcp

HTTP/1.1 301 Moved Permanently
Server: nginx/1.17.8
Date: Fri, 12 Apr 2024 13:30:05 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://18.214.74.134/

1623653629 | 2024-05-04T21:36:05.455720

443 / tcp

HTTP/1.1 200 OK
Server: nginx/1.17.8
Date: Sat, 04 May 2024 21:36:05 GMT
Content-Type: text/html
Content-Length: 2064
Connection: keep-alive
Last-Modified: Tue, 09 Apr 2024 09:14:15 GMT
ETag: "661506e7-810"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubdomains

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:fa:47:66:bf:01:40:e2:b7:db:fc:b2:0e:c8:2e:91:6e:70
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 21 14:16:04 2024 GMT
            Not After : Jun 19 14:16:03 2024 GMT
        Subject: CN=vafl.me
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:f2:55:26:db:01:d0:39:89:a2:55:5c:c8:f2:f5:
                    97:4c:18:8b:e3:dc:54:43:fb:c9:b4:b5:a1:be:99:
                    84:1b:58:1e:eb:7d:02:78:e7:c2:98:8b:86:0d:e7:
                    a0:88:dc:30:b9:77:2a:b2:e2:0c:05:b8:67:d6:6f:
                    df:57:2f:c9:90:f1:4f:28:62:9b:61:c7:cc:8a:94:
                    81:19:58:be:5a:4a:6b:96:33:65:00:80:69:d5:50:
                    c1:33:1a:14:89:35:72:ce:6e:92:d5:2c:3f:b8:34:
                    3a:49:e7:1b:3f:32:9c:38:de:f2:f9:eb:27:a9:1d:
                    d5:9c:90:91:3c:fc:99:99:d4:e5:50:eb:d3:03:37:
                    67:8e:df:98:2b:b0:b3:4d:8c:df:d9:26:b5:ec:3d:
                    1f:3f:5b:81:ec:41:c2:4f:29:50:15:96:38:05:dc:
                    32:41:1a:fc:ba:1d:99:f5:0f:22:57:5b:02:78:2b:
                    ca:67:60:5e:31:92:1d:0a:8b:7f:bc:5d:25:3d:a7:
                    aa:8d:e4:94:39:fe:7d:07:25:b4:70:97:c7:27:40:
                    fb:0e:6b:c3:9b:a1:16:4b:03:34:aa:62:fb:c6:32:
                    d1:f5:6a:a9:3f:b5:2d:f1:b2:54:78:e9:f8:10:f2:
                    5b:11:d0:a9:0d:2c:b0:80:52:1d:27:38:f7:ee:0a:
                    2f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                32:B9:57:C0:F6:F8:FF:4A:7A:14:74:2E:34:25:D6:28:83:1F:EB:4F
            X509v3 Authority Key Identifier: 
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:vafl.me
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Mar 21 15:16:04.774 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:4A:7A:04:AF:24:A6:22:82:60:EE:A1:C0:
                                84:45:92:75:31:32:DD:A2:0E:7D:C0:EB:F7:B7:DB:42:
                                D6:C4:4C:5A:02:21:00:E2:77:DC:40:69:46:DF:4B:65:
                                38:91:F7:C5:24:E7:96:30:30:D8:0B:70:D0:78:DF:49:
                                F6:3A:69:EB:C1:3E:B2
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
                                65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
                    Timestamp : Mar 21 15:16:06.710 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:5A:C3:E5:B2:DD:97:3E:F4:01:3E:1F:8C:
                                B6:7F:9B:88:2D:89:C5:F1:D2:D3:A6:99:59:BC:D0:46:
                                48:AB:C3:44:02:20:04:DB:BE:3A:77:C4:AF:31:E6:A6:
                                90:40:F8:1A:79:2C:F4:DB:EF:57:AA:BF:DD:0A:F6:32:
                                93:E9:48:AE:0B:C2
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        25:07:63:22:9b:f6:5b:d0:77:ff:89:93:ca:02:33:34:b7:c0:
        60:df:1e:8e:5f:e8:db:eb:7a:d1:ac:49:6f:c0:c3:12:85:08:
        98:73:a3:74:b7:eb:fb:16:01:87:5f:c1:ce:15:ea:ec:a4:5c:
        aa:97:2b:2a:20:6c:60:87:07:72:30:54:95:d4:eb:ec:f6:c0:
        7f:b2:76:d5:5f:50:36:d8:53:08:13:7e:71:fa:1a:01:5d:b5:
        41:30:58:4e:56:29:5b:09:fc:c6:3b:be:f3:a9:d3:7c:dc:13:
        d7:4f:4c:0d:de:fb:93:a5:46:d4:ea:e8:65:a2:3b:f9:c4:32:
        19:5e:90:fb:70:c4:88:e9:b9:60:2b:80:72:2c:57:a3:3b:14:
        a2:5a:c1:8d:21:14:07:95:5b:a5:c5:18:18:c5:ac:2a:6f:5b:
        0b:6e:f1:dd:d9:1e:7f:41:50:6c:88:39:24:e0:c8:26:a7:10:
        c2:3e:1f:85:ac:23:04:3e:6c:0e:cf:e6:d6:9a:08:51:2d:a9:
        2e:b1:9f:12:f6:73:7d:4d:d3:32:db:30:bc:b7:72:e5:df:85:
        78:a6:d3:91:d7:51:8b:cc:9a:0f:29:67:e9:26:cb:fd:63:94:
        94:8d:e2:0f:bb:0f:22:de:88:b9:4d:09:39:b9:c1:e4:99:c2:
        04:33:f9:d4

-931379057 | 2024-05-01T13:03:39.396879

3128 / tcp

HTTP/1.1 400 Bad Request
Server: squid/5.7
Mime-Version: 1.0
Date: Wed, 01 May 2024 13:03:39 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3516
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from ip-172-31-34-61
X-Cache-Lookup: NONE from ip-172-31-34-61:3128
Via: 1.1 ip-172-31-34-61 (squid/5.7)
Connection: close

18.214.74.134

Last Seen: 2024-05-09

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1884505711 | 2024-05-09T19:42:38.682214
22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

541702588 | 2024-04-12T13:30:10.506707
80 / tcp

nginx1.17.8

1623653629 | 2024-05-04T21:36:05.455720
443 / tcp

nginx1.17.8

-931379057 | 2024-05-01T13:03:39.396879
3128 / tcp

Squid http proxy5.7

Products

Pricing

Contact Us

18.214.74.134

Last Seen: 2024-05-09

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-1884505711 | 2024-05-09T19:42:38.682214 22 / tcp

OpenSSH8.9p1 Ubuntu-3ubuntu0.6

541702588 | 2024-04-12T13:30:10.506707 80 / tcp

nginx1.17.8

1623653629 | 2024-05-04T21:36:05.455720 443 / tcp

nginx1.17.8

-931379057 | 2024-05-01T13:03:39.396879 3128 / tcp

Squid http proxy5.7

Products

Pricing

Contact Us

-1884505711 | 2024-05-09T19:42:38.682214
22 / tcp

541702588 | 2024-04-12T13:30:10.506707
80 / tcp

1623653629 | 2024-05-04T21:36:05.455720
443 / tcp

-931379057 | 2024-05-01T13:03:39.396879
3128 / tcp