This topic describes the possible causes and solutions to vulnerability fix failures that occurred in the Security Center console.
Overview
Vulnerability fixes may fail due to various causes, such as an outdated system, incompatibility between the patch and the server, or a poor network connection. This topic covers the common causes of vulnerability fix failures. If the cause of a vulnerability fix failure is not mentioned in this topic, we recommend that you search the Internet for more information about the specific vulnerability to troubleshoot the failure.
Scenarios
- Linux software vulnerabilities
- Windows vulnerabilities
- Web-CMS vulnerabilities
Possible causes that lead to fix failures of Windows and Linux software vulnerabilities
If the system prompts that a fix failed when you fix a Windows or Linux software vulnerability in the Security Center console, see the following table to troubleshoot the failure.
Possible cause | Description | Solution |
---|---|---|
The network connection is abnormal. | If a network connection error occurs on your server, the vulnerability fix may fail. | Troubleshoot the network connection error. |
The Security Center agent of the server on which the vulnerability is detected is disconnected from Alibaba Cloud. | If the Security Center agent is disconnected from Alibaba Cloud, the vulnerability fix may fail. Network connection errors on the server, high CPU utilization, or high memory usage may cause the Security Center agent to disconnect from Alibaba Cloud. | Troubleshoot the Security Center agent disconnection. For more information, see Troubleshoot why the Security Center agent is offline. |
The disk or memory space of the server on which the vulnerability is detected is insufficient. | If the disk does not have sufficient space, Security Center cannot download the patch package that is required to fix the vulnerability. | To troubleshoot this failure, perform the following steps:
|
No permissions are granted to read or write the disk file system of the server on which the vulnerability is detected. | If you do not have the read and write permissions on the disk file system, Security Center cannot download the patch package that is required to fix the vulnerability. | To troubleshoot this failure, perform the following steps:
|
Linux vulnerability: Configuration errors occur in the system update source for the server on which the vulnerability is detected. | If configuration errors occur in the system update source or the YUM repositories are not up-to-date, Security Center cannot install the update as expected. | To troubleshoot this failure, perform the following steps:
|
Linux vulnerability: The RPM database is corrupted. | If the RPM database is corrupted, Security Center cannot install the software package that is required to fix the vulnerability. | To troubleshoot this failure, perform the following steps:
Notice This command may take a long time to run.
|
Windows vulnerability: The prepatch for the vulnerability is missing. | If the prepatch for the vulnerability is missing, the vulnerability fix may fail. | To troubleshoot this failure, perform the following steps:
|
Windows vulnerability: The Windows Update or Windows Modules Installer service is disabled on the server on which the vulnerability is detected. | If the Windows Update or Windows Modules Installer service is disabled, Security Center cannot download the patch package that is required to update the server system. | To troubleshoot this failure, perform the following steps:
|
Windows vulnerability: Errors occurred during the downloading and installation of the patch package that is required to fix the vulnerability. | If the patch package is not found or is incompatible with the server operating system, the vulnerability fix may fail. | To troubleshoot this failure, perform the following steps:
|
Windows vulnerability: Other errors occur on the server. | None. | To troubleshoot this failure, perform the following steps:
|
Possible causes that lead to fix failures of Web-CMS vulnerabilities
Possible cause | Description | Solution |
---|---|---|
The network connection is abnormal. | If a network connection error occurs on your server, the vulnerability fix may fail. | Troubleshoot the network connection error. |
The Security Center agent of the server on which the vulnerability is detected is disconnected from Alibaba Cloud. | If the Security Center agent is disconnected from Alibaba Cloud, the vulnerability fix may fail. Network connection errors on the server, high CPU utilization, or high memory usage may cause the Security Center agent to disconnect from Alibaba Cloud. | Troubleshoot the Security Center agent disconnection. For more information, see Troubleshoot why the Security Center agent is offline. |
The disk or memory space of the server on which the vulnerability is detected is insufficient. | If the disk does not have sufficient space, Security Center cannot download the patch package that is required to fix the vulnerability. | To troubleshoot this failure, perform the following steps:
|
Third-party security software is installed on the server on which the vulnerability is detected. | If security software, such as SafeDog, is installed on the server and you have optimized
directory permissions or modified relevant settings by using the software, the system
account may not have permissions to write the files in the www directory and its subdirectories. As a result, the vulnerability fix may fail.
|
Check whether the system account has the read and write permissions on the www directory and its subdirectories. If no, manually grant the permissions to the system
account.
|
The vulnerability file does not exist. | If the vulnerability file is deleted, Security Center prompts that the fix failed. | To troubleshoot this failure, perform the following steps:
|
References
We recommend that you fix vulnerabilities at the earliest opportunity. Before you fix vulnerabilities, make sure that you understand the preparations and risk prevention measures. For more information, see Fix software vulnerabilities.
For more information about vulnerability fixes, see FAQ overview.