GeneralInformation

Hostnames	ec2-50-112-218-168.us-west-2.compute.amazonaws.com idrove.it demo.idrove.it www.idrove.it
Domains	amazonaws.com idrove.it
Cloud Provider	Amazon
Cloud Region	us-west-2
Cloud Service	EC2
Country	United States
City	Boardman
Organization	Amazon.com, Inc.
ISP	Amazon.com, Inc.
ASN	AS16509

WebTechnologies

CDN

Google Hosted Libraries

JavaScript libraries

jQuery1.8.1

FancyBox

Widgets

FlexSlider

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-1938	7.5When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

21 80 443 8009

-738370680 | 2024-04-28T15:34:04.388952

21 / tcp

220 (vsFTPd 2.2.2)
530 Login incorrect.
530 Please login with USER and PASS.
211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End

-182781560 | 2024-04-29T08:38:44.326510

80 / tcp

HTTP/1.1 200 OK
Date: Mon, 29 Apr 2024 08:38:44 GMT
Server: Apache
Last-Modified: Sat, 01 Nov 2014 14:39:09 GMT
ETag: "814b8-326d-506cd138b2758"
Accept-Ranges: bytes
Content-Length: 12909
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

-182781560 | 2024-04-24T16:49:04.447476

443 / tcp

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:49:04 GMT
Server: Apache
Last-Modified: Sat, 01 Nov 2014 14:39:09 GMT
ETag: "814b8-326d-506cd138b2758"
Accept-Ranges: bytes
Content-Length: 12909
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            aa:fb:44:54:ab:8d:98:63
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Apr 20 16:11:06 2023 GMT
            Not After : May 21 16:11:06 2024 GMT
        Subject: CN=idrove.it
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cf:c6:62:9b:2f:01:94:66:21:15:ab:98:e8:25:
                    a3:23:33:7c:07:63:15:da:89:ee:4a:a8:0b:5a:70:
                    29:00:94:12:af:5e:e9:d3:a2:04:a4:a5:05:29:f6:
                    79:ce:e6:00:50:2d:f8:59:7a:3d:27:a4:6c:f4:d0:
                    4c:bd:9d:5b:c8:91:71:a4:59:a5:b1:d3:57:0e:5c:
                    76:59:af:30:53:0b:c6:08:91:17:bd:88:65:05:2b:
                    eb:20:32:b6:a1:34:27:26:ed:45:96:1d:62:e0:0c:
                    27:05:db:ec:07:da:f1:3c:33:71:7c:93:e3:a8:3a:
                    06:a5:a9:5a:83:e8:04:74:e1:e5:3d:c7:e3:80:f7:
                    19:82:6d:f6:8f:a8:ef:ed:02:ad:2e:26:1a:d1:0b:
                    4a:55:af:99:b1:1f:a1:2b:a7:17:32:28:52:9b:c5:
                    9b:68:8c:ed:e1:6c:82:12:48:16:63:f8:f9:11:b3:
                    ba:92:18:f5:1d:6f:9c:2b:b7:af:d6:ca:f4:4d:a9:
                    b6:63:92:f0:47:e3:49:73:f1:c4:6e:aa:4a:10:7a:
                    75:e2:99:07:10:4f:92:0c:9f:ee:05:3c:d9:9a:95:
                    97:e7:31:9b:2d:91:f4:67:f3:ef:e6:62:22:17:ca:
                    04:a4:82:12:b4:5b:3a:f7:9b:f7:24:23:b6:a8:ac:
                    3d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-5515.crl
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
            X509v3 Authority Key Identifier: 
                40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
            X509v3 Subject Alternative Name: 
                DNS:idrove.it, DNS:www.idrove.it, DNS:demo.idrove.it
            X509v3 Subject Key Identifier: 
                3D:EC:B1:B6:C4:E0:0F:DF:50:BD:62:AF:19:39:32:5F:95:A0:9C:3F
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Apr 20 16:11:07.368 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C8:9C:C6:EE:43:67:69:94:4C:8A:54:
                                C2:20:EF:84:F5:01:60:0F:3A:35:FE:7F:71:66:2A:C2:
                                5A:AF:AE:6A:29:02:20:6A:E3:4D:D8:FA:CF:D8:F7:89:
                                A6:83:E7:32:06:93:5B:39:73:62:6A:74:79:B8:1B:F2:
                                D9:1F:CA:8C:0C:5C:5F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
                                1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
                    Timestamp : Apr 20 16:11:07.582 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:43:02:1F:01:2A:38:16:5E:E3:79:CF:88:2E:DE:E5:
                                0F:29:7C:76:F1:A5:E9:50:5F:D7:C2:1A:61:E6:B9:A3:
                                3E:66:0E:02:20:1C:EF:57:75:EE:5E:C0:D9:D2:9D:AB:
                                7C:BE:3E:1E:61:8B:A6:CB:F9:C3:5C:1D:E6:0C:F6:A6:
                                8B:EC:2D:C7:22
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Apr 20 16:11:07.697 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:1D:7D:29:BD:9C:1D:50:1B:78:C9:86:DE:
                                20:3D:09:8F:21:08:1C:B3:45:66:05:EF:05:1B:09:7F:
                                C8:41:40:37:02:20:37:64:8F:39:DA:D9:1E:05:60:EA:
                                03:73:22:EE:9D:8C:8A:13:51:24:D9:78:75:F5:8F:80:
                                BB:3E:E4:60:73:6F
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        85:07:4c:fd:a7:af:53:d0:a8:d3:93:58:3e:06:ac:e3:7f:5c:
        95:45:98:4f:e4:03:d6:5e:d2:e5:5a:78:1c:12:ae:df:0c:4a:
        64:2d:21:95:14:bc:ff:af:da:2f:60:70:74:61:d1:ce:b7:b1:
        ec:40:81:86:1f:36:c7:b9:6c:4c:c4:80:7c:5a:9c:b0:41:ab:
        10:30:45:cd:5a:f2:e4:8e:c0:7e:38:12:64:88:1d:5c:5b:e2:
        44:e8:c6:96:32:2d:76:09:e0:09:13:25:6b:18:27:f3:88:30:
        a0:74:68:01:d3:25:af:e3:a9:dd:2b:b8:93:79:10:b4:0b:17:
        b6:ce:03:de:e4:c3:99:a8:c2:51:a8:57:44:c3:2e:9d:dd:f6:
        a6:97:14:a5:58:00:02:33:48:4b:16:61:e7:67:68:21:cc:f4:
        8f:1f:ae:69:31:7b:65:12:cb:17:8c:66:b5:c8:2c:a4:d5:f5:
        10:35:e9:43:d2:57:1a:95:bb:c4:2a:24:82:80:58:23:70:5b:
        0a:ed:e1:c8:42:8d:05:07:6e:8e:74:63:08:f7:47:ac:ea:72:
        7e:ec:e6:95:a9:a3:6e:73:0c:04:66:f4:96:71:d7:dc:d1:48:
        99:27:8a:0f:bf:6a:09:ff:77:13:1f:1f:69:ab:1d:88:63:03:
        d7:a5:05:a4

-95362893 | 2024-04-28T23:37:18.137393

8009 / tcp

<html><head><title>Apache Tomcat/7.0.53 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /asdadadas</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/asdadadas</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.53</h3></body></html>

50.112.218.168

Last Seen: 2024-04-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-738370680 | 2024-04-28T15:34:04.388952
21 / tcp

-182781560 | 2024-04-29T08:38:44.326510
80 / tcp

Apache httpd

-182781560 | 2024-04-24T16:49:04.447476
443 / tcp

Apache httpd

-95362893 | 2024-04-28T23:37:18.137393
8009 / tcp

Apache Tomcat7.0.53

Products

Pricing

Contact Us

50.112.218.168

Last Seen: 2024-04-29

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-738370680 | 2024-04-28T15:34:04.388952 21 / tcp

-182781560 | 2024-04-29T08:38:44.326510 80 / tcp

Apache httpd

-182781560 | 2024-04-24T16:49:04.447476 443 / tcp

Apache httpd

-95362893 | 2024-04-28T23:37:18.137393 8009 / tcp

Apache Tomcat7.0.53

Products

Pricing

Contact Us

-738370680 | 2024-04-28T15:34:04.388952
21 / tcp

-182781560 | 2024-04-29T08:38:44.326510
80 / tcp

-182781560 | 2024-04-24T16:49:04.447476
443 / tcp

-95362893 | 2024-04-28T23:37:18.137393
8009 / tcp