The application vulnerability detection feature can detect common application vulnerabilities. This topic describes how to view and handle application vulnerabilities.
Limits
Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Feature.
- Security Center can detect application vulnerabilities, but it cannot fix them. You must manually fix the vulnerabilities on your servers by following the Suggestions on the Detail tab.
- Security Center provides two modes to scan for application vulnerabilities: Web Scanner and Software Component Analysis. The two modes have the following limits:
  - Web Scanner: scans only servers that can access the Internet and have the Security Center agent installed. The servers can be Elastic Compute Service (ECS) instances or servers that are not deployed on Alibaba Cloud.
  - Software Component Analysis: scans servers that have the Security Center agent installed. The servers can be ECS instances or servers that are not deployed on Alibaba Cloud.
View the basic information about a vulnerability
View vulnerability details and handle vulnerabilities
Application vulnerabilities that can be detected
| Vulnerability type | Check item |
|---|---|
| Weak passwords in system services | OpenSSH services |
| | MySQL database services |
| | Microsoft SQL Server (MSSQL) database services |
| | MongoDB database services |
| | FTP, VSFTP, and ProFTPD services |
| | Memcache cache services |
| | Redis caching services |
| | Subversion control services |
| | Server Message Block (SMB) file sharing services |
| | Simple Mail Transfer Protocol (SMTP) email delivery services |
| | Post Office Protocol 3 (POP3) email reception services |
| | Internet Message Access Protocol (IMAP) email management services |
| Vulnerabilities in system services | OpenSSL heartbleed vulnerabilities |
| | SMB |
| | RSYNC |
| | Brute-force attacks against VNC passwords |
| | Brute-force attacks against pcAnywhere passwords |
| | Brute-force attacks against Redis passwords |
| Vulnerabilities in application services | phpMyAdmin weak passwords |
| | Tomcat console weak passwords |
| | Apache Struts 2 remote command execution vulnerabilities |
| | Apache Struts 2 remote command execution vulnerability (S2-046) |
| | Apache Struts 2 remote command execution vulnerability (S2-057) |
| | Arbitrary file uploads in ActiveMQ (CVE-2016-3088) |
| | Arbitrary file reads in Confluence |
| | CouchDB Query Server remote command execution |
| | Discuz! brute-force attacks against administrator weak passwords |
| | Unauthorized access to Docker |
| | Remote code execution in Drupal Drupalgeddon 2 (CVE-2018-7600) |
| | ECshop code execution vulnerabilities in logon endpoints |
| | Unauthorized access to Elasticsearch |
| | Elasticsearch MvelRCE CVE-2014-31 |
| | Elasticsearch Groovy RCE CVE-2015-1427 |
| | Expression Language (EL) injection in Weaver OA |
| | Unauthorized access to Hadoop YARN ResourceManager |
| | Path traversal in JavaServer Faces 2 |
| | Java deserialization in JBoss EJBInvokerServlet |
| | Anonymous access to Jenkins Manage (CVE-2018-1999001 and CVE-2018-1999002) |
| | Unauthorized access to Jenkins |
| | Jenkins Script Security Plugin RCE |
| | Unauthorized access to Kubernetes |
| | SQL injection vulnerabilities in the MetInfo getPassword interface |
| | SQL injection vulnerabilities in the MetInfo logon interface |
| | Arbitrary file uploads in PHPCMS 9.6 |
| | PHP-CGI remote code execution vulnerabilities |
| | Actuator unauthenticated RCE |
| | ThinkPHP_RCE_20190111 |
| | Server-side request forgery (SSRF) in WebLogic UDDI Explorer |
| | SSRF in WordPress xmlrpc.php |
| | Brute-force attacks against the Zabbix web console |
| | OpenSSL heartbleed detection |
| | Unauthorized access to the WEB-INF directory in Apache Tomcat |
References
What are the differences between baselines and vulnerabilities?