Security Center Enterprise can detect major types of application vulnerabilities.

Background information

Only the Enterprise edition supports application vulnerability detection. If you are using Security Center Basic or Advanced, you must upgrade it to the Enterprise edition to use this feature.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Protection > Vulnerabilities. On the Vulnerabilities page, click Application.
  3. On the Application page, you can view all the application vulnerabilities detected by Security Center. This page also displays vulnerability fixing suggestions, vulnerability priorities, and vulnerability states. You can manage vulnerabilities on this page.
    • View vulnerability priorities (urgency levels)

      The priorities of application vulnerabilities include High (displayed in red), Medium (displayed in orange), and Low (displayed in grey).

    • View vulnerability states
      • Handled
        • Handled: The vulnerability is already fixed.
        • Fix Failed: The vulnerability failed to be fixed.
        • Ignored: The vulnerability is ignored. Security Center no longer sends alerts when this vulnerability is detected.
        • Invalid Vulnerability: The vulnerability has not been detected in the last seven days.
      • Unhandled: The vulnerability is waiting to be fixed.
    • Filter vulnerabilities

      On the Application tab, you can filter vulnerabilities by vulnerability priority (high, medium, or low), state (handled or unhandled), vulnerability name, server IP address, or server name.

    • View vulnerability details

      On the Application tab, click the name of a vulnerability in the Vulnerability Name column to go to the vulnerability details page.

      The details page displays the affected assets, proofs of concept, and security suggestions. You can also ignore vulnerabilities, add vulnerabilities to the whitelist, and verify vulnerabilities.

      On the Application tab, click the name of an asset in the Affected Assets column to go to the Assets > Vulnerabilities > Application tab. The vulnerability details are displayed on this tab.

    • Manage vulnerabilities
      • Fix vulnerabilities

        On the vulnerability details page, you can follow the security suggestions to fix vulnerabilities.

      • Verify vulnerabilities
        • On the Application page, find the target vulnerability and click Verify in the Actions column to verify that the vulnerability has been fixed.
        • You can also select multiple vulnerabilities on the Application tab and click Verify to verify that the selected vulnerabilities have been fixed.

        After you click Verify, the state of the vulnerability becomes Verifying. It takes several seconds to verify vulnerabilities.

      • Ignore vulnerabilities
        • On the Application page, find the target vulnerability and click Ignore to have Security Center ignore this vulnerability.
        • You can also select multiple vulnerabilities on the Application tab, and click Ignore in the lower-left corner to have Security Center ignore the selected vulnerabilities.
        Note: After you ignore a vulnerability, the vulnerability state is changed to Ignored. If you want Security Center to alert you of an ignored vulnerability again, select it in the Handled vulnerability list and click Cancel ignore.
      • Add vulnerabilities to the whitelist
        • On the Application page, find the target vulnerability and click Add to Whitelist in the Actions column to add the vulnerability to the whitelist.
        • You can also select multiple vulnerabilities on the Application tab and click Add to Whitelist in the lower-left corner to add the selected vulnerabilities to the whitelist.

        After a vulnerability is added to the whitelist, Security Center no longer sends alerts to you when this vulnerability is detected.

        After a vulnerability is added to the whitelist, the vulnerability is removed from the vulnerability list. You can click Settings in the upper-right corner and view vulnerabilities that are added to the whitelist in the Vul Whitelist table.

        If you want Security Center to detect and alert you of a vulnerability again, find and select the vulnerability in the Vul Whitelist table, and then click Remove to remove the vulnerability from the whitelist.

    • Export vulnerabilities
      On the Application tab, click the Download icon to export all the vulnerabilities to your local computer. The vulnerabilities are exported to an Excel file.
      Note: It may take a few minutes to export the vulnerabilities. A larger file takes a longer time.

Detectable application vulnerabilities

Vulnerability types and their detection items:

Weak passwords in system services
  • OpenSSH services
  • MySQL database services
  • MSSQL database services
  • MongoDB database services
  • FTP, VSFTP, and ProFTPD services
  • Memcache cache services
  • Redis cache services
  • Subversion version control services
  • SMB file sharing services
  • SMTP emailing services
  • POP3 email receiving services
  • IMAP email management services

Vulnerabilities in system services
  • OpenSSL Heartbleed vulnerabilities
  • SMB
    • Samba vulnerabilities
    • Brute-force attacks using weak passwords
  • RSYNC
    • Anonymous access to sensitive data
    • Brute-force attacks targeting password-based authentication
  • Brute-force attacks targeting virtual network computing passwords
  • Brute-force attacks targeting pcAnywhere passwords
  • Brute-force attacks targeting Redis passwords

Vulnerabilities in application services
  • phpMyAdmin weak password detection
  • Tomcat console weak password detection
  • Apache Struts 2 remote code execution vulnerabilities
  • Apache Struts 2 remote code execution vulnerability (S2-046)
  • Apache Struts 2 remote code execution vulnerability (S2-057)
  • ActiveMQ arbitrary file upload vulnerability (CVE-2016-3088)
  • Confluence arbitrary file read vulnerability
  • CouchDB Query Server remote code execution
  • Discuz! brute-force attacks targeting administrator weak passwords
  • Unauthenticated access to Docker
  • Drupal Drupalgeddon2 remote code execution (CVE-2018-7600)
  • ECshop code execution vulnerabilities in logon API
  • Unauthenticated access to Elasticsearch
  • Elasticsearch Mvel remote code execution (CVE-2014-31)
  • Elasticsearch Groovy remote code execution (CVE-2015-1427)
  • Weaver OA expression injection
  • Unauthenticated access to Hadoop YARN ResourceManager
  • Directory traversal vulnerabilities in JavaServer Faces 2
  • Java deserialization vulnerabilities in JBoss EJBInvokerServlet
  • Anonymous access to Jenkins Manage (CVE-2018-1999001 and CVE-2018-1999002)
  • Unauthorized access to Jenkins
  • Jenkins Script Security plugin remote code execution
  • Unauthenticated access to Kubernetes
  • SQL injection in the MetInfo getPassword API
  • SQL injection in the MetInfo logon API
  • PHPCMS 9.6 arbitrary file upload vulnerabilities
  • PHP-CGI remote code execution
  • Unauthorized remote code execution in actuators
  • ThinkPHP remote code execution (20190111)
  • SSRF vulnerabilities in WebLogic UDDI Explorer
  • SSRF vulnerabilities in WordPress xmlrpc.php
  • Brute-force attacks targeting Zabbix Web console
  • OpenSSL Heartbleed vulnerabilities
  • Unauthenticated access to Apache Tomcat WEB-INF configuration file