Rohit Bajaj
asked on
Exploiting vulnerabilities in shodan
Hi
One of the servers that I work on I scanned the ip with shodan below
https://www.shodan.io/host/54.193.79.8
I see several vulnerabilities.
But dont know if anything is really serious etc.
Like one of the vulnerability mentioned is CVE-2018-0737
How can this be exploited ?
is it something that can be used to gain access to the system or database ?
Thanks
One of the servers that I work on I scanned the ip with shodan below
https://www.shodan.io/host/54.193.79.8
I see several vulnerabilities.
But dont know if anything is really serious etc.
Like one of the vulnerability mentioned is CVE-2018-0737
How can this be exploited ?
is it something that can be used to gain access to the system or database ?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Essentially anything protected by transport layer security implemented through the defective versions of OpenSSL was at risk, including secret keys that identify service providers and encrypt network traffic, user names and passwords, and any content sent over the connection.
Protect Data in Transit
To ensure that data is protected while in transit:
• Ensure all communication between system components is encrypted as well as encrypting traffic between the system or device and the Internet.
• Use encrypted protocols to protect data in transit or encrypt data before transmitting it.
• Use adequately configured and up-to-date SSL/TLS.
• Use standard, robust encryption protocols.
National Vulnerability Database (NVD) includes databases of security checklists, security-related software defects, misconfigurations, product names, and impact metrics. Monitor the NVD and other vulnerability databases for any components of applications you use.
https://nvd.nist.gov/vuln/detail/CVE-2019-1552
Protect Data in Transit
To ensure that data is protected while in transit:
• Ensure all communication between system components is encrypted as well as encrypting traffic between the system or device and the Internet.
• Use encrypted protocols to protect data in transit or encrypt data before transmitting it.
• Use adequately configured and up-to-date SSL/TLS.
• Use standard, robust encryption protocols.
National Vulnerability Database (NVD) includes databases of security checklists, security-related software defects, misconfigurations, product names, and impact metrics. Monitor the NVD and other vulnerability databases for any components of applications you use.
https://nvd.nist.gov/vuln/detail/CVE-2019-1552
If it's low then forget about it, however if it's high you have to find a solution for it.