Security Center can detect and fix web-CMS vulnerabilities. The web-CMS vulnerability detection feature can monitor website directories. By comparing vulnerability files with the vulnerability library, this feature can detect the vulnerabilities in website builders and identify common website builders. This topic describes how to view information about web-CMS vulnerabilities and manage them.

Background information

The web-CMS vulnerability detection feature obtains the information about the latest web-CMS vulnerabilities and provides update patches in the cloud. This allows you to quickly detect and fix web-CMS vulnerabilities. This feature detects vulnerabilities dynamically, provides vulnerability fixes, and applies patches to fix multiple vulnerabilities at a time.

Note
  • The Basic and Basic Anti-Virus editions of Security Center can only detect vulnerabilities. To use Security Center to fix vulnerabilities, you must upgrade Security Center to the Advanced or Enterprise edition. For more information about features supported by each edition of Security Center, see Features.
  • After you fix vulnerabilities in the Security Center console, the fixes take effect immediately. You do not need to verify the fixes.

View information about vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Web CMS tab.
  4. On the Web-CMS tab, you can view information about all web-CMS vulnerabilities detected by Security Center.
    • View vulnerability informationVulnerability information
    • View vulnerability priorities

      Web-CMS vulnerabilities are high-risk vulnerabilities confirmed by Alibaba Cloud security engineers. Web-CMS vulnerabilities have High priorities and are marked in red.

      Priority
      Note We recommend that you fix web-CMS vulnerabilities at the earliest opportunity.
    • Add a vulnerability to the whitelist

      On the Web CMS tab, you can select the target vulnerability and click Add to Whitelist to add it to the whitelist. After you add the vulnerability to the whitelist, Security Center no longer generates alerts when it is detected.

      Add a vulnerability to the whitelist

      The vulnerability added to the whitelist is removed from the vulnerability column on the Web-CMS tab. It is added to the Vul Whitelist on the Settings page.

      If you want Security Center to detect and generate alerts on a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and click Remove to remove the vulnerability from the whitelist.

      Remove a vulnerability from the whitelist
    • Fix multiple vulnerabilities at a time
      When you fix multiple vulnerabilities at a time, the affected assets are identified and the vulnerabilities on these assets are fixed. On the Web CMS tab, you can select the vulnerabilities to be fixed and click Batch Repair. In the Batch Repair dialog box, you can view the list of assets where vulnerabilities are detected and need to be fixed. You can select Create snapshots automatically and fix or Skip snapshot backup and fix directly, and click Fix Now.
      Note
      • You can select only the vulnerabilities on the current page. Each page can display 10, 20, or 50 vulnerabilities. Therefore, you can fix a maximum of 50 vulnerabilities at a time.
      • The system may fail to fix a vulnerability. We recommend that you select Create snapshots automatically and fix to create a snapshot of the system. For more information about snapshots, see Overview.
      • Creating snapshots incurs fees based on the usage. For a 40 GB system disk, the snapshot storage fee is approximately USD 0.15 per day. For more information about the pricing of snapshots, see Snapshot billing.
    • Filter vulnerabilities

      On the Web CMS tab, you can filter vulnerabilities by vulnerability name, severity level (high, medium, and low), asset group, or vulnerability status (handled, unhandled).

      Filter vulnerabilities
      Note Fuzzy match for vulnerability names is supported.
    • Export vulnerabilities
      On the Web CMS tab, you can click The Export icon to export and save all detected Web-CMS vulnerabilities to an on-premises machine. The vulnerabilities are exported to an Excel file.
      Note It may take some time to export the vulnerability records, depending on the file size.

Manage vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Web CMS tab.
  4. In the vulnerability column, you can click the name of the target Vulnerability or click Repair in the Actions column of the target Vulnerability to go to the Detail tab.
    You can view the details of the vulnerability, the number of unhandled vulnerabilities, and the information about the affected assets. The detail tab
  5. On the Detail tab, you can view and manage the vulnerability.
    Perform the following operations as needed:
    • View vulnerability details

      The Detail tab displays all the affected assets and vulnerabilities associated with the vulnerability. You can analyze and manage multiple vulnerabilities at a time.

      • On the Detail tab, you can view the brief announcement of the vulnerability and solutions.
      • The Pending vulnerability tab displays the assets that are affected by the vulnerability.

        In the Affected Assets column, you can view the assets affected by the vulnerability and vulnerability status. You can also verify, fix, ignore, or add the vulnerability to the whitelist.

      View vulnerability details
      On the Detail tab, you can click the name of the Affected Asset. On the Assets > Vulnerability page that appears, you can view all web-CMS vulnerabilities associated with this asset. The Assets page
    • View vulnerability priorities

      Web-CMS vulnerabilities are high-risk vulnerabilities confirmed by Alibaba Cloud security engineers. Web-CMS vulnerabilities have High priorities and are marked in red.

      Vulnerability priorities
      Note We recommend that you fix web-CMS vulnerabilities at the earliest opportunity.
    • Filter vulnerabilities

      On the Pending vulnerability tab, you can filter affected assets by vulnerability priority (high, medium, and low), asset group, vulnerability status (handled and unhandled), server IP address, VPC name, or server name.

      Filter vulnerabilities
      Note Fuzzy match for server IP addresses and names is supported.
    • View vulnerability status
      • Handled
        • Fixed: The vulnerability has been fixed.
        • Ignored: The vulnerability is Ignored. Security Center no longer generates alerts when this vulnerability is detected.
        • Invalid: The vulnerability cannot be detected. You may have already deleted the vulnerability file.
      • Unhandled
        • Unfixed: The vulnerability is not fixed.
        • Fixing: The vulnerability is being fixed.
        • Fix Failed: Security Center failed to fix the vulnerability. The vulnerability file may have been modified or does not exist.
        • Verifying: Security Center is checking whether the vulnerability is fixed.
    • Manage vulnerabilities

      In the Actions column, you can fix, verify, ignore, or add the vulnerability to the whitelist.

      Manage vulnerabilities
      • Fix vulnerabilities
        You can click Fix in the Actions column to fix one or more associated vulnerabilities at a time. In the Repair dialog box, click Fix Now. Fix vulnerabilities
        Note To avoid unnecessary losses, we recommend that you back up your system before you fix vulnerabilities.
      • Verify: If you manually fix a web-CMS vulnerability, you must verify the fix. After you verify the fix, the status of the vulnerability is updated. If you fix a web-CMS vulnerability in the Security Center console, the fix takes effect immediately. You do not need to verify the fix.
      • Add a vulnerability to the whitelist

        In the upper-right corner of the Detail tab, you can click Add to Whitelist to add one or more vulnerabilities to the whitelist. After the vulnerabilities are added to the whitelist, Security Center no longer generates alerts on the vulnerabilities.

        The vulnerability added to the whitelist is removed from the vulnerability column on the Web-CMS tab. It is added to the Vul Whitelist on the Settings page.

        If you want Security Center to detect and generate alerts on a vulnerability that is already added to the whitelist, select the vulnerability on the Settings page and click Remove to remove the vulnerability from the whitelist.

      • Ignore vulnerabilities

        You can select one or more vulnerabilities to be ignored, click Ignore a vulnerability or undo a fix, and then select Ignore. Security Center no longer generates alerts on the vulnerabilities.

        Note After you Ignore a vulnerability, the status of the vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, select the vulnerability in the Handled vulnerability list and click Cancel ignore.
    • Export affected assets
      In the upper-left corner of the Pending vulnerability tab, you can click The Export icon to export affected asset records to an on-premises machine The asset records are exported to an Excel file.
      Note It may take some time to export the asset records, depending on the file size.
    • Save filtered vulnerabilities

      In the upper-left corner of the Pending vulnerability tab, you can click The Save icon to save the filtered vulnerabilities as a group. This allows you to keep monitoring the vulnerability status of this group.

      Save filtered vulnerabilities