GeneralInformation

Country	United States
City	Southborough
Organization	TierPoint, LLC
ISP	TierPoint, LLC
ASN	AS17378

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2019-11072	7.5lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.
CVE-2018-19052	5.0An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
CVE-2015-3200	5.0mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
CVE-2014-2324	5.0Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
CVE-2014-2323	7.5SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2013-4560	5.0Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
CVE-2013-4559	7.6lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
CVE-2013-1427	1.9The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
CVE-2011-4362	5.0Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
CVE-2010-0295	5.0lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.

OpenPorts

22 80 443 623 5900 8889 49152

970573831 | 2024-04-23T19:05:16.590146

22 / tcp

SSH-2.0-dropbear_0.52
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAAAgwDkRqR1VRgHOON8M7YCNnIG8k0zukAN/r4L5fPKTvWmdhe1
7UnxywPc+TySjXqNsXQ/jPLGvpO5uoSG3dgT2N7NUdAtdL4Enb87dX7yTbJTJzMMxTb9HSI1SL2/
5iSefyAVVo1+R8DMmFqTWa2eFHoD9IoxFSNSTarTZQgmH1oZYoZX
Fingerprint: 21:0e:54:f2:0c:d8:bc:a1:1c:72:e0:3b:e9:ae:f9:82

Kex Algorithms:
	diffie-hellman-group1-sha1

Server Host Key Algorithms:
	ssh-rsa
	ssh-dss

Encryption Algorithms:
	aes128-ctr
	3des-ctr
	aes256-ctr
	aes128-cbc
	3des-cbc
	aes256-cbc
	twofish256-cbc
	twofish-cbc
	twofish128-cbc
	blowfish-cbc

MAC Algorithms:
	hmac-sha1-96
	hmac-sha1
	hmac-md5

Compression Algorithms:
	zlib
	zlib@openssh.com
	none

-1064776255 | 2024-04-21T17:42:38.018171

80 / tcp

HTTP/1.1 200 OK
Content-Length: 3269
Content-Type: text/html
Date: Sat, 07 Mar 1970 23:13:42 GMT
Server: lighttpd/1.4.23

-1064776255 | 2024-04-24T01:38:35.547417

443 / tcp

HTTP/1.1 200 OK
Content-Length: 3269
Content-Type: text/html
Date: Tue, 10 Mar 1970 07:09:39 GMT
Server: lighttpd/1.4.23

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            92:87:8f:35:b4:aa:08:d1
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=TW, ST=Taiwan, L=Taipei, O=Aten, OU=SW1, CN=doris/emailAddress=doris@aten.com.tw
        Validity
            Not Before: Jun 10 08:34:28 2008 GMT
            Not After : Jun 10 08:34:28 2009 GMT
        Subject: C=TW, ST=Taiwan, L=Taipei, O=Aten, OU=SW1, CN=doris/emailAddress=doris@aten.com.tw
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d1:ba:41:e8:81:1f:c3:2e:ba:92:85:ce:a6:2d:
                    b0:e1:91:6c:e4:4c:cc:9e:9c:6d:91:46:62:f4:4e:
                    40:0e:fd:bb:86:ed:3d:00:01:7f:dd:cd:92:3a:0f:
                    57:a3:8e:fe:85:37:56:d4:86:ee:b0:b8:81:01:13:
                    fa:73:87:52:c1:7a:82:5e:98:b6:3c:ab:cf:63:a9:
                    93:07:7f:48:8f:f2:72:9f:5e:67:85:67:64:45:4f:
                    e9:b7:7c:c6:ce:ef:3d:39:81:0b:42:29:ec:f8:70:
                    98:77:76:bd:84:d5:c9:59:ca:a6:07:3e:8a:c8:e6:
                    89:42:51:c0:a6:ab:a8:25:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D8:50:D2:54:1C:54:29:33:F1:85:C8:80:0F:65:3C:29:E0:5D:D7:B5
            X509v3 Authority Key Identifier: 
                keyid:D8:50:D2:54:1C:54:29:33:F1:85:C8:80:0F:65:3C:29:E0:5D:D7:B5
                DirName:/C=TW/ST=Taiwan/L=Taipei/O=Aten/OU=SW1/CN=doris/emailAddress=doris@aten.com.tw
                serial:92:87:8F:35:B4:AA:08:D1
            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value:
        87:69:55:25:5b:da:81:a2:b2:a6:41:87:58:9f:ac:ea:ae:95:
        e6:c4:21:24:d3:64:0a:04:65:68:f3:3e:cf:af:9b:58:05:dd:
        4d:5f:30:98:3b:fe:db:a0:83:fb:47:46:d8:48:4d:d7:28:06:
        21:64:5b:e1:6e:f2:c2:46:76:e1:d6:cc:2e:b8:57:79:56:67:
        0c:56:29:98:1f:a0:bc:83:9d:bb:81:5d:b5:70:b9:68:38:f0:
        24:28:9f:dc:da:9c:8c:d1:3c:bc:78:aa:bc:f4:77:ec:17:c9:
        4f:97:9e:7c:bd:03:de:45:83:79:c1:47:c9:4c:41:a2:39:14:
        81:b4

-230219574 | 2024-04-25T08:32:51.974239

623 / udp

IPMI:
  Version: IPMI-2.0
  User Auth:
    password
    md5
    md2
  Password Auth:
    auth_msg
    auth_user
    non_null_user
    null_user
  Level:
    1.5
    2.0
  Oemid: 21317

-2067296222 | 2024-04-05T06:47:30.736795

5900 / tcp

<open>

-1692216116 | 2024-04-23T07:29:08.245172

8889 / tcp

HTTP/1.1 501 Method Not Implemented

501 Method Not Implemented

1379636754 | 2024-04-24T22:52:42.493383

49152 / tcp

HTTP/1.1 404 Not Found
SERVER: Linux/2.6.17.WB_WPCM450.1.3, UPnP/1.0, Intel SDK for UPnP devices/1.3.1
CONNECTION: close
CONTENT-LENGTH: 48
CONTENT-TYPE: text/html

207.154.59.140

Last Seen: 2024-04-25

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

970573831 | 2024-04-23T19:05:16.590146
22 / tcp

Dropbear sshd0.52

-1064776255 | 2024-04-21T17:42:38.018171
80 / tcp

lighttpd1.4.23

-1064776255 | 2024-04-24T01:38:35.547417
443 / tcp

lighttpd1.4.23

-230219574 | 2024-04-25T08:32:51.974239
623 / udp

-2067296222 | 2024-04-05T06:47:30.736795
5900 / tcp

-1692216116 | 2024-04-23T07:29:08.245172
8889 / tcp

1379636754 | 2024-04-24T22:52:42.493383
49152 / tcp

Products

Pricing

Contact Us

207.154.59.140

Last Seen: 2024-04-25

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

970573831 | 2024-04-23T19:05:16.590146 22 / tcp

Dropbear sshd0.52

-1064776255 | 2024-04-21T17:42:38.018171 80 / tcp

lighttpd1.4.23

-1064776255 | 2024-04-24T01:38:35.547417 443 / tcp

lighttpd1.4.23

-230219574 | 2024-04-25T08:32:51.974239 623 / udp

-2067296222 | 2024-04-05T06:47:30.736795 5900 / tcp

-1692216116 | 2024-04-23T07:29:08.245172 8889 / tcp

1379636754 | 2024-04-24T22:52:42.493383 49152 / tcp

Products

Pricing

Contact Us

970573831 | 2024-04-23T19:05:16.590146
22 / tcp

-1064776255 | 2024-04-21T17:42:38.018171
80 / tcp

-1064776255 | 2024-04-24T01:38:35.547417
443 / tcp

-230219574 | 2024-04-25T08:32:51.974239
623 / udp

-2067296222 | 2024-04-05T06:47:30.736795
5900 / tcp

-1692216116 | 2024-04-23T07:29:08.245172
8889 / tcp

1379636754 | 2024-04-24T22:52:42.493383
49152 / tcp