The application vulnerability detection feature can help you detect major application vulnerabilities. This topic describes how to view the details of application vulnerabilities and how to manage application vulnerabilities.

Limits

The application vulnerability detection feature has the following limits.

Limit: Asset type
Description: The application vulnerability detection feature supports only Alibaba Cloud Elastic Compute Service (ECS) instances. External servers and servers in on-premises data centers are not supported.

Limit: Edition
Description: Only the Enterprise edition of Security Center supports application vulnerability detection. The Basic and Advanced editions do not support this feature.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Application tab.
  4. On the Application tab, you can view all the application vulnerabilities detected by Security Center. The tab also displays fixing suggestions, priorities, and statuses for each vulnerability.
    • View vulnerability priorities

      The priorities of application vulnerabilities include High (displayed in red), Medium (displayed in orange), and Low (displayed in grey).

    • View vulnerability statuses
      • Handled: vulnerabilities in this list have one of the following statuses.
        • Handled: The vulnerability has been fixed.
        • Ignored: The vulnerability has been ignored. Security Center no longer generates alerts when this vulnerability is detected.
      • Unhandled: The vulnerability has not been fixed.
    • Filter vulnerabilities

      On the Application tab, you can filter vulnerabilities by vulnerability priority (high, medium, or low), status (handled or unhandled), vulnerability name, server IP address, or server name.

    • View vulnerability details

      On the Application tab, click the name of a vulnerability in the Vulnerability column to go to the vulnerability details page.

      The details page displays the affected assets, vulnerability proofs, and security suggestions. You can also ignore vulnerabilities, add vulnerabilities to the whitelist, and verify vulnerabilities on the details page.

      On the Application tab, click the name of an asset in the Affected Assets column to go to the Assets > Vulnerabilities > Application tab. The vulnerability details are displayed on this tab.

    • Manage vulnerabilities
      • Fix vulnerabilities

        On the details page, you can follow the security suggestions to fix vulnerabilities.

      • Verify vulnerabilities
        • On the Application tab, find the target vulnerability and click Verify in the Actions column to check whether the vulnerability has been fixed.

          Note: After you verify the vulnerability, its status changes to Verifying. It takes several seconds to verify a vulnerability.
        • You can also select multiple vulnerabilities on the Application tab to verify whether the selected vulnerabilities have been fixed.
      • Ignore vulnerabilities
        • On the Application tab, find the target vulnerability and click Ignore to have Security Center ignore this vulnerability.
        • You can also select multiple vulnerabilities on the Application tab and click Ignore to have Security Center ignore the selected vulnerabilities.

          Note: After you ignore a vulnerability, its status changes to Ignored. If you want Security Center to alert you about an ignored vulnerability again, select the vulnerability in the Handled vulnerability list and click Cancel ignore.
      • Add vulnerabilities to the whitelist
        • On the Application tab, find the target vulnerability and click Add Whitelist in the Actions column to add the vulnerability to the whitelist.
        • You can also select multiple vulnerabilities on the Application tab to add the selected vulnerabilities to the whitelist.

        After a vulnerability is added to the whitelist, Security Center no longer generates alerts when this vulnerability is detected.

        After a vulnerability is added to the whitelist, the vulnerability is removed from the vulnerability list. You can click Settings in the upper-right corner and view vulnerabilities that are added to the whitelist in the Vul Whitelist table.

        If you want Security Center to detect and generate alerts upon a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and then click Remove to remove the vulnerability from the whitelist.

    • Export vulnerabilities

      On the Application tab, click the Download icon to export all the vulnerabilities to your local computer. The vulnerabilities are exported to an Excel file.

      Note: It may take a long time to export the vulnerabilities, depending on the file size.

Types of vulnerabilities that can be detected

Vulnerability type: Weak passwords in system services
Check items:
  • OpenSSH services
  • ApsaraDB for MySQL database services
  • MSSQL database services
  • ApsaraDB for MongoDB database services
  • FTP, VSFTP, and ProFTPD services
  • ApsaraDB for Memcache cache services
  • ApsaraDB for Redis cache services
  • Subversion control services
  • SMB file sharing services
  • SMTP emailing services
  • POP3 email receiving services
  • IMAP email management services

Vulnerability type: Vulnerabilities in system services
Check items:
  • OpenSSL Heartbleed vulnerabilities
  • SMB
    • Samba
    • Brute-force attacks against weak passwords
  • RSYNC
    • Anonymous access to sensitive data
    • Brute-force attacks against password-based authentication
  • Brute-force attacks against VNC passwords
  • Brute-force attacks against pcAnywhere passwords
  • Brute-force attacks against ApsaraDB for Redis passwords

Vulnerability type: Vulnerabilities in application services
Check items:
  • phpMyAdmin weak password detection
  • Tomcat console weak password detection
  • Apache Struts 2 remote code execution vulnerabilities
  • Apache Struts 2 remote code execution vulnerability (S2-046)
  • Apache Struts 2 remote code execution vulnerability (S2-057)
  • ActiveMQ arbitrary file upload vulnerability (CVE-2016-3088)
  • Confluence arbitrary file read vulnerability
  • CouchDB Query Server remote code execution
  • Discuz! brute-force attacks against administrator weak passwords
  • Unauthorized access to Docker
  • Drupal Drupalgeddon2 remote code execution (CVE-2018-7600)
  • ECshop code execution vulnerabilities in the logon API
  • Unauthorized access to Elasticsearch
  • Elasticsearch Mvel remote code execution (CVE-2014-31)
  • Elasticsearch Groovy remote code execution (CVE-2015-1427)
  • Weaver OA expression injection
  • Unauthorized access to Hadoop YARN ResourceManager
  • Directory traversal vulnerabilities in JavaServer Faces 2
  • Java deserialization vulnerabilities in JBoss EJBInvokerServlet
  • Anonymous access to Jenkins Manage (CVE-2018-1999001 and CVE-2018-1999002)
  • Unauthorized access to Jenkins
  • Jenkins Script Security plugin remote code execution
  • Unauthorized access to Kubernetes
  • SQL injection in the MetInfo getPassword API
  • SQL injection in the MetInfo logon API
  • PHPCMS 9.6 arbitrary file upload vulnerabilities
  • PHP-CGI remote code execution
  • Unauthorized remote code execution in actuators
  • ThinkPHP remote code execution (20190111)
  • SSRF vulnerabilities in WebLogic UDDI Explorer
  • SSRF vulnerabilities in WordPress xmlrpc.php
  • Brute-force attacks targeting the Zabbix web console
  • OpenSSL Heartbleed vulnerabilities
  • Unauthorized access to Apache Tomcat WEB-INF configuration files