A Security Baseline Detection List

Recent Pages

A Security Baseline Detection List

Last updated: 2024-08-13 16:30:55

This document introduces the list of the security baseline detection in CWPP.
Note:
The security baselines will take effect immediately after product setup.
Name
Level
Vul_type
Unauthorized access to CouchDB.
High
Improper configuration
Docker Daemon 2375 management port is open.
High
Remote code execution
Unauthorized access to Elasticsearch.
High
Improper configuration
JavaRMI remote code execution
High
Remote code execution
The lack of authentication in Jenkins can lead to command execution.
High
Remote code execution
Unauthorized access to Kubelet.
High
Security baseline
Weak password detection of the Linux system
High
Remote code execution.
Unauthorized access to MongoDB.
High
Improper configuration
Weak password detection of MySQL
High
 Weak password
NFS misconfiguration leads to mountable sensitive directory.
High
Improper configuration
Baseline compliance detection of Redis
High
Remote code execution
Improper configuration detection of RPCBind
High
Security baseline
Weak password detection of Rsync
High
 Weak password
Rsync passwordless access
High
Improper configuration
Weak password detection of Tomcat
High
 Weak password
Weak password detection of Windows users
High
 Weak password
Xampp default FTP password
High
Information leakage
Backup files exist in the website directory.
High
Information leakage
Anonymous log-in detection of FTP
Medium
Information leakage
IIS misconfiguration leads to parsing vulnerability.
Medium
Improper configuration
Memcached UDP port can be exploited for DDOS amplification attacks.
Medium
Information leakage
PHP-FPM misconfiguration
Medium
Security baseline
Compliance detection of PostgreSQL
Medium
Remote code execution
Information leakage due to the presence of a .git folder exists in the Web directory.
Medium
Information leakage
Information leakage due to the presence of a .svn folder exists in the Web directory.
Medium
Information leakage.
Hidden account detection of Windows
Medium
Security baseline
Shadow account detection of Windows
Medium
Remote code execution
Unauthorized access to ZooKeeper.
Medium
Improper configuration
Unauthorized access to Hadoop.
Low
Remote code execution
Passwordless user detection of sudo
Low
Security baseline.
Sample directory detection of Tomcat
Low
Security baseline
A phpinfo file exists in the Web directory.
Low
Information leakage
Guest account status detection of Windows
Low
Security baseline
﻿

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support

tencent cloud

Recent Pages

A Security Baseline Detection List

Was this page helpful?

Was this page helpful?

Name	Level	Vul_type
Unauthorized access to CouchDB.	High	Improper configuration
Docker Daemon 2375 management port is open.	High	Remote code execution
Unauthorized access to Elasticsearch.	High	Improper configuration
JavaRMI remote code execution	High	Remote code execution
The lack of authentication in Jenkins can lead to command execution.	High	Remote code execution
Unauthorized access to Kubelet.	High	Security baseline
Weak password detection of the Linux system	High	Remote code execution.
Unauthorized access to MongoDB.	High	Improper configuration
Weak password detection of MySQL	High	Weak password
NFS misconfiguration leads to mountable sensitive directory.	High	Improper configuration
Baseline compliance detection of Redis	High	Remote code execution
Improper configuration detection of RPCBind	High	Security baseline
Weak password detection of Rsync	High	Weak password
Rsync passwordless access	High	Improper configuration
Weak password detection of Tomcat	High	Weak password
Weak password detection of Windows users	High	Weak password
Xampp default FTP password	High	Information leakage
Backup files exist in the website directory.	High	Information leakage
Anonymous log-in detection of FTP	Medium	Information leakage
IIS misconfiguration leads to parsing vulnerability.	Medium	Improper configuration
Memcached UDP port can be exploited for DDOS amplification attacks.	Medium	Information leakage
PHP-FPM misconfiguration	Medium	Security baseline
Compliance detection of PostgreSQL	Medium	Remote code execution
Information leakage due to the presence of a .git folder exists in the Web directory.	Medium	Information leakage
Information leakage due to the presence of a .svn folder exists in the Web directory.	Medium	Information leakage.
Hidden account detection of Windows	Medium	Security baseline
Shadow account detection of Windows	Medium	Remote code execution
Unauthorized access to ZooKeeper.	Medium	Improper configuration
Unauthorized access to Hadoop.	Low	Remote code execution
Passwordless user detection of sudo	Low	Security baseline.
Sample directory detection of Tomcat	Low	Security baseline
A phpinfo file exists in the Web directory.	Low	Information leakage
Guest account status detection of Windows	Low	Security baseline

tencent cloud

Sign Up

Log in

Recent Pages

A Security Baseline Detection List

Was this page helpful?

Was this page helpful?