GeneralInformation

Country	India
City	Mumbai
Organization	Web Werks India Pvt. Ltd.
ISP	Web Werks India Pvt. Ltd.
ASN	AS133296

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-46674	An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
CVE-2023-31418	An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
CVE-2021-22144	4.0In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
CVE-2021-22137	4.3In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CVE-2021-22135	4.3Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view.
CVE-2020-7021	4.0Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
CVE-2020-7020	3.5Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CVE-2020-7019	4.0In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.
CVE-2019-7614	4.3A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
CVE-2019-7611	6.8A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
CVE-2015-5377	7.5Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability

OpenPorts

25 80 123 443 4369 9200 25672

-346721832 | 2024-04-30T03:41:17.191468

25 / tcp

220 www.wiprotest1.com ESMTP Postfix (Ubuntu)
250-www.wiprotest1.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b4:96:d5:cc:68:e4:cd:7f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=www.wiprotest1.com
        Validity
            Not Before: Jul  5 07:01:07 2021 GMT
            Not After : Jul  3 07:01:07 2031 GMT
        Subject: CN=www.wiprotest1.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:cd:8a:24:6d:50:d9:da:dc:bf:e8:ff:f8:28:b5:
                    02:40:ac:ea:66:37:4e:50:f6:d7:e9:89:23:7b:63:
                    7b:64:b2:99:75:b2:83:dc:05:34:e7:b3:f6:0b:3f:
                    29:88:fb:53:3d:49:5a:78:70:dc:37:e6:33:23:f3:
                    04:c3:f0:01:54:f2:30:de:8c:78:eb:85:25:f1:c3:
                    95:38:51:d6:e3:1e:3a:40:1c:42:5f:23:f1:21:12:
                    c4:25:76:df:8c:3c:95:12:26:5c:13:44:d4:70:1b:
                    3e:06:c1:1b:37:37:00:ea:e2:38:c8:cc:76:9a:f5:
                    6b:0b:4f:b8:ac:dd:bb:68:54:1f:fd:41:8b:b3:72:
                    48:1a:b0:3c:b4:25:d1:85:5b:20:09:95:1f:5c:11:
                    ff:cb:1e:c4:e4:41:2a:0d:f7:31:48:34:18:96:20:
                    26:c7:e3:54:94:32:eb:89:5a:cd:17:c8:75:96:4c:
                    16:85:a3:41:6e:55:ec:01:fb:e7:36:90:22:81:7f:
                    e5:95:3d:18:5d:af:2b:8d:e6:9c:44:2f:ec:0a:ba:
                    b1:47:29:f1:d8:60:9d:26:31:cb:78:92:ce:d3:6a:
                    d8:54:35:97:a5:52:06:b8:80:6b:82:44:4f:cd:f3:
                    c2:33:ae:59:bc:77:8a:01:45:02:b3:a0:20:44:97:
                    bd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        42:21:01:72:15:53:e0:2c:b0:b2:0b:8a:c8:db:33:cb:27:71:
        56:15:f9:80:55:af:4c:0a:ee:e5:ba:f1:85:c6:4e:8c:36:80:
        58:c8:dc:2d:aa:11:6e:6c:db:d5:8f:81:61:52:ff:a3:d6:7d:
        89:9d:6e:05:35:ea:bc:48:92:4a:b5:fa:b7:a2:c8:9e:f2:23:
        bf:6b:27:a0:53:85:04:d7:3a:69:75:7a:62:16:84:72:55:7a:
        3e:32:a7:38:90:0a:54:8c:ba:c1:0b:24:df:b6:0d:24:e0:74:
        8b:f4:2a:5f:6c:21:d4:c1:ab:50:71:b8:71:c7:ea:f6:77:28:
        f6:a2:b7:42:d8:66:8a:82:8c:f7:b3:91:03:33:bf:cd:7c:2c:
        24:ec:95:0c:2b:1f:47:63:c4:ff:e8:5c:fb:ee:17:ca:1a:2a:
        4a:61:fe:6f:8c:b1:cb:fb:7b:8c:48:46:bf:04:f8:8d:3d:68:
        3e:1e:d9:42:02:6b:1c:36:1b:e7:9e:e6:4a:15:27:0e:e3:7d:
        b0:c1:df:cf:ef:3c:8d:0a:4d:50:aa:5c:8e:4f:2b:96:20:ef:
        ad:62:5d:b3:96:68:c2:60:85:c4:09:cd:72:8d:d3:f6:1e:97:
        bc:69:a6:23:40:8b:3d:b3:ce:e3:93:e5:9c:b9:38:c9:e8:6b:
        34:db:70:cd

-2121308610 | 2024-04-26T20:19:53.855827

80 / tcp

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 26 Apr 2024 20:19:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Vary: Cookie, Accept-Language, Origin
X-Frame-Options: DENY
Location: https://stag.cop.partnersforum.in/
Content-Language: en
Set-Cookie: csrftoken=15DwUFShGFnM69EmXGwcCeD9F0YwoRusmEXkkJx5BBWgObTj3NDZdR7juc8N1IZS; expires=Fri, 25 Apr 2025 20:19:53 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie: sessionid=1|12tybjyvbq0emjj3mwdd5idtk6faa29u|RXy8pglqwDn5|ImNmMjMzOGI5MTk2OGIzZjc5MDIwNzNhMjE2ZWFiNTUwYjZiMGExMjUyZDc5YTI0MzVkZjgzYmMzOGY5MGNmODYi:1s0S2z:W_KmP5kUb-jD6jqWr3P3J44KN20; Domain=.lms.partnersforum.in; expires=Fri, 10 May 2024 20:19:53 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
X-Content-Type-Options: nosniff
P3P: CP="Open edX does not have a P3P policy."
Referrer-Policy: same-origin
Content-Security-Policy: default-src 'self' https: https:// 'unsafe-inline' 'unsafe-eval'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: camera=(), microphone=(), geolocation=()
Cache-Control: no-cache

1553188080 | 2024-05-07T21:37:54.219967

123 / udp

NTP
protocolversion: 3
stratum: 3
leap: 0
precision: -23
rootdelay: 0.0620880126953
rootdisp: 0.0320129394531
refid: 2900910532
reftime: 3924105835.68
poll: 3

301878379 | 2024-04-26T11:37:54.894777

443 / tcp

HTTP/1.1 400 Bad Request
Server: nginx
Date: Fri, 26 Apr 2024 11:37:54 GMT
Content-Type: text/html
Content-Length: 248
Connection: close
Referrer-Policy: same-origin
Content-Security-Policy: default-src 'self' https: https:// 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: camera=(), microphone=(), geolocation=()

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>

50704379 | 2024-05-18T02:08:13.207998

4369 / tcp

Erlang Port Mapper Daemon:
  nodes:
    rabbit: 25672

1542451699 | 2024-05-19T01:44:30.301805

9200 / tcp

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 340


Elastic:
  Total Size: 744.78 KB
  Total Docs: 753
  Indices:
    api (9.94 KB)
    ccmadmin (575.0 B)
    commpilot (575.0 B)
    console (575.0 B)
    courseware_index (713.6 KB)
    flexnet (575.0 B)
    fpc (4.13 KB)
    hybridity (3.7 KB)
    mifs (575.0 B)
    opennms (575.0 B)
    orion (575.0 B)
    seeyon (575.0 B)
    suite-auth (3.72 KB)
    ui (575.0 B)
    website (2.95 KB)
    wls-wsat (575.0 B)
    zdm (575.0 B)
    .kibana_1 (575.0 B)

103.248.60.107

Last Seen: 2024-05-19

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-346721832 | 2024-04-30T03:41:17.191468
25 / tcp

Postfix smtpd

-2121308610 | 2024-04-26T20:19:53.855827
80 / tcp

nginx

1553188080 | 2024-05-07T21:37:54.219967
123 / udp

301878379 | 2024-04-26T11:37:54.894777
443 / tcp

nginx

50704379 | 2024-05-18T02:08:13.207998
4369 / tcp

Erlang Port Mapper Daemon

1542451699 | 2024-05-19T01:44:30.301805
9200 / tcp

Elastic1.5.2

Products

Pricing

Contact Us

103.248.60.107

Last Seen: 2024-05-19

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-346721832 | 2024-04-30T03:41:17.191468 25 / tcp

Postfix smtpd

-2121308610 | 2024-04-26T20:19:53.855827 80 / tcp

nginx

1553188080 | 2024-05-07T21:37:54.219967 123 / udp

301878379 | 2024-04-26T11:37:54.894777 443 / tcp

nginx

50704379 | 2024-05-18T02:08:13.207998 4369 / tcp

Erlang Port Mapper Daemon

1542451699 | 2024-05-19T01:44:30.301805 9200 / tcp

Elastic1.5.2

Products

Pricing

Contact Us

-346721832 | 2024-04-30T03:41:17.191468
25 / tcp

-2121308610 | 2024-04-26T20:19:53.855827
80 / tcp

1553188080 | 2024-05-07T21:37:54.219967
123 / udp

301878379 | 2024-04-26T11:37:54.894777
443 / tcp

50704379 | 2024-05-18T02:08:13.207998
4369 / tcp

1542451699 | 2024-05-19T01:44:30.301805
9200 / tcp