Splunk AppDynamics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Disable Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability

CommunityUser
Splunk Employee
Splunk Employee
‎04-11-2017 06:58 AM

Hi

We are gearing up to be audited for PCI. How can I achieve the above result so that we can get a clean scan on our servers?

Here is more info:

TCP Port 9091

[root@01 ~]# netstat -putan | egrep "9091"
tcp        0      0 :::9091                     :::*                        LISTEN      2318/java

[root@01 ~]# ps aux | grep 2318
root       555  0.0  0.0 103320   844 pts/0    R+   14:42   0:00 grep 2318
root      2318  0.1  4.1 7854504 336264 ?      Sl   Feb10 151:56 /opt/appdynamics/machine-agent/jre/bin/java -Dlog4j.configuration=file:/opt/appdynamics/machine-agent/conf/logging/log4j.xml -jar /opt/appdynamics/machine-agent/machineagent.jar

[root@01 ~]# /opt/appdynamics/machine-agent/jre/bin/java -version
java version "1.8.0_74"
Java(TM) SE Runtime Environment (build 1.8.0_74-b02)
Java HotSpot(TM) 64-Bit Server VM (build 25.74-b02, mixed mode)

Thanks

Kobus

Labels (1)
Labels
0 Karma
Reply

Saradhi_Pothara
Communicator
‎04-11-2017 10:32 AM

Hi Kobus,


Is this vulenaribility discovered on an AppDynamics Contoller endpoint? If so could you please share the endpoint URL?

Machine Agent is not a web server, so I do not see the connection.


Regards,
Saradhi

0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎04-12-2017 01:35 AM

Hi

Thank you fo rthe reply.

In answer:

Well it is on one, and only one of our servers. It is not on an endpoint, just a normal server with the client installed.

So yes, I dont understand that either. I might just reinstall the client and see what happens.

Kobus

0 Karma
Reply

Saradhi_Pothara
Communicator
‎04-12-2017 01:41 AM
Hi Kobus,

Machine agent runs as a standalone java program. If there is any other
webserver installed on the same server as machine agent you might want to
check that web server.

Regards,
Saradhi
0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎04-12-2017 01:49 AM

Well, there is, but the other webservers does not have this port 9091 open. Just this one process as I listed in my original post.

0 Karma
Reply

Saradhi_Pothara
Communicator
‎04-12-2017 03:58 AM

It would give a better idea how the vulnearibility scanner detects this vulnerability on 9091. It should be calling some end point otherwise I do not see an issue of XSS.

0 Karma
Reply
Get Updates on the Splunk Community!

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

What’s New in Splunk Enterprise 9.4: Tools for Digital ResilienceTune in to What’s New in Splunk Enterprise ...

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...