Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

HTTP Server Vulnerabilities

by Andrew Freeborn
April 13, 2016

Common user interfaces in a modern workplace involve some type of web interface. Web interfaces allow more diverse sets of users to connect to an application through common web browsers. Allowing users to connect to web-enabled user interfaces typically reduces IT requirements, enabling the user to work more efficiently.

Enabling a web-based user interface may involve more IT requirements for security, but those requirements may not be enabled by default. When a connection is made to a website, the response from the website back to the source usually contains some type of information. The response back to the source could contain a POST response with a few HTTP headers, or a POST response with excessive HTTP headers.

Depending on the web platform, a POST response could contain excessive HTTP headers and all of the other HTTP options a user can perform. In a typical website “transaction”, a typical experience contains HTTP GET and POST. However, other options can be “DELETE” or “MOVE”, which could provide attackers a way to circumvent security controls. Security controls such as packet-layer firewalls and web application firewalls can block non-typical HTTP options to help minimize the risk to the environment. Removing or denying those HTTP options with a configuration management program can also reduce the risk to the web platform.

While threats such as unprotected HTTP options exist in web platforms, inadvertent information disclosures are commonly returned in responses. HTTP response headers such as “Server”, and X-Headers such as “X-Powered-By” and “X-AspNet-Version”, provide attackers detailed web platform information. If an attacker can send a basic GET request to a web platform, they could receive detailed information for the web platform, reducing their time for reconnaissance.

With detailed information provided in the HTTP response, an attacker can better tailor attacks and exploitation strategies, which can better match the specific versions of software running on the web platform. Organizations may have differing views of the value of HTTP response headers in the environment. However, if analysts are aware of the headers in the environment, removing or being aware of the headers may help to reduce risk in the environment.

In addition to HTTP options and response headers, this dashboard provides analysts with a view of the certificates used on web platforms. Analysts can see certificates that have expired, will expire soon, and will in the future become valid certificates. Using this information, analysts can work with the various teams in the organization to reduce potential certificate issues along with ensuring best practice certificate usage.

The dashboard also contains components such as a list of web platforms and HTTP/HTTPS ports in use in the organization. The components can help assist analysts to ensure that authorized web platforms and ports are in use and raise awareness of unknown or unexpected findings. The remaining component of the dashboard provides an overview of low, medium, high and critical severity vulnerabilities found with web servers in the organization. A report in the Tenable.sc feed is also available to view this data in report format located at, “HTTP Server Vulnerabilities” (http://www.tenable.com/sc-report-templates/http-server-vulnerabilities-r...).

The dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments. The dashboard requirements are:

  • Tenable.sc 4.8.2
  • Nessus 8.6.0

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable's family of products includes Tenable.sc Continuous View (CV), Nessus, Nessus Network Monitor (NNM), and Log Correlation Engine (LCE). Tenable.sc CV provides the most comprehensive and integrated view of network health, and is the global standard in detecting and assessing network data.

This dashboard contains the following components:

  • HTTP headers summary: The “HTTP headers summary” matrix component provides analysts counts of the detected HTTP headers to provide context of potential issues in the organization
  • HTTP options summary: The “HTTP options summary” matrix component provides analysts with counts of the detected HTTP options to provide context of potential issues in the organization
  • HTTP Server Types summary: The “HTTP Server Types summary” table component identifies the various versions of web platforms detected in the organization
  • HTTP Vulnerability summary: In the “HTTP Vulnerability summary” bar chart component below, management and analysts can see the counts of vulnerability severities affecting web platforms
  • SSL Certificate information summary: The “SSL Certificate information summary” bar chart component provides a count of certificate issues detected in the organization
  • Top 10 HTTP Port summary: In the “Top 10 HTTP Port summary” bar chart component, the top 10 HTTP ports’ vulnerability summaries are provided
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.