topic Re: Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability in Splunk AppDynamics

Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

CommunityUser — Tue, 11 Apr 2017 13:58:10 GMT

We are gearing up to be audited for PCI. How can I achieve the above result so that we can get a clean scan on our servers?

Here is more info:

TCP Port 9091

[root@01 ~]# netstat -putan | egrep "9091"
tcp 0 0 :::9091 :::* LISTEN 2318/java

[root@01 ~]# ps aux | grep 2318
root 555 0.0 0.0 103320 844 pts/0 R+ 14:42 0:00 grep 2318
root 2318 0.1 4.1 7854504 336264 ? Sl Feb10 151:56 /opt/appdynamics/machine-agent/jre/bin/java -Dlog4j.configuration=file:/opt/appdynamics/machine-agent/conf/logging/log4j.xml -jar /opt/appdynamics/machine-agent/machineagent.jar

[root@01 ~]# /opt/appdynamics/machine-agent/jre/bin/java -version
java version "1.8.0_74"
Java(TM) SE Runtime Environment (build 1.8.0_74-b02)
Java HotSpot(TM) 64-Bit Server VM (build 25.74-b02, mixed mode)

Thanks

Kobus

Re: Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

Saradhi_Pothara — Tue, 11 Apr 2017 17:32:14 GMT

Hi Kobus,

Is this vulenaribility discovered on an AppDynamics Contoller endpoint? If so could you please share the endpoint URL?

Machine Agent is not a web server, so I do not see the connection.

Regards,
Saradhi

Re: Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

CommunityUser — Wed, 12 Apr 2017 08:35:28 GMT

Thank you fo rthe reply.

In answer:

Well it is on one, and only one of our servers. It is not on an endpoint, just a normal server with the client installed.

So yes, I dont understand that either. I might just reinstall the client and see what happens.

Kobus

Re: Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

Saradhi_Pothara — Wed, 12 Apr 2017 08:41:36 GMT

Hi Kobus,

Machine agent runs as a standalone java program. If there is any other
webserver installed on the same server as machine agent you might want to
check that web server.

Regards,
Saradhi

Re: Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

CommunityUser — Wed, 12 Apr 2017 08:49:44 GMT

Well, there is, but the other webservers does not have this port 9091 open. Just this one process as I listed in my original post.

Re: Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

Saradhi_Pothara — Wed, 12 Apr 2017 10:58:11 GMT

It would give a better idea how the vulnearibility scanner detects this vulnerability on 9091. It should be calling some end point otherwise I do not see an issue of XSS.