Http vulnerability

Posted: 19 May 2024 14:52
by Alpalma
Hi

We have scanned our network using Tenable Nessus and we have detected that HTTP access is enabled in our PBX and cannot be disabled. We can enable HTTPS but we cannot disable HTTP. Do you know why HTTP is necessary? Is there a way to disable that port so we can remove that vulnerability?

Thanks in advance!

Re: Http vulnerability

Posted: 22 May 2024 15:46
by Veit_privat
We had the same scan result for OXE, and there the HTTP server is only needed when using the Java GUI to configure, not when using mgr. Using the root account:
service monit stop
service httpd stop
and perhaps either modify
/etc/monit_oxe.conf
/etc/monit.conf
to avoid that monit restarts apache, or prevent monit from starting at all.
Perhaps another finding is that SNMP is enabled, with an easy-to-guess community; disable that also if not used.
No idea for OXO, other than upgrading.
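
An added example, not part of the reply above: a check that the HTTP and SNMP listeners are really gone, and stay gone, after the services are stopped, since the reply notes that monit may restart apache. It assumes listener lines in the format printed by `ss -H -ltnu` (availability of `ss` on the host is an assumption); the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Input format assumed: lines as printed by "ss -H -ltnu":
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Print "proto/port address scope" for each listener matching $1,
# a space-separated list such as "tcp/80 udp/161".
flagged_listeners() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) flag[w[i]] = 1 }
        NF >= 5 {
            port = $5
            sub(/.*:/, "", port)      # port is the text after the last colon
            addr = substr($5, 1, length($5) - length(port) - 1)
            key = $1 "/" port
            if (!(key in flag)) next
            # loopback-only sockets are not reachable by a network scanner
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "network"
            print key, addr, scope
        }
    '
}

# Exit status 0 if any flagged port is still bound to a non-loopback address.
still_exposed() {
    flagged_listeners "$1" | grep -q ' network$'
}

# Constructed sample: before stopping the services.
SAMPLE_BEFORE='udp UNCONN 0 0 0.0.0.0:161 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'

# Constructed sample: after, with HTTPS kept and a loopback-only port 80.
SAMPLE_AFTER='tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:80 0.0.0.0:*'

printf '%s\n' "$SAMPLE_BEFORE" | flagged_listeners "tcp/80 udp/161"
if printf '%s\n' "$SAMPLE_AFTER" | still_exposed "tcp/80 udp/161"; then
    echo "still exposed"
else
    echo "flagged ports closed to the network"
fi
# Live use, repeated after a few minutes to catch a supervisor restart:
#   ss -H -ltnu | still_exposed "tcp/80 udp/161" && echo "still exposed"
```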

Re: Http vulnerability

Posted: 23 May 2024 10:29
by Alpalma
Thanks! Anyway, our problem is with OXO and we cannot stop httpd. Is anyone else experiencing this problem with OXO?