Page MenuHomePhabricator
Create Task
Maniphest T292884

Vulnerabilities reported in Apache httpd version running on 185.15.56.30
Closed, ResolvedPublicSecurity
Actions

Description

The Security team scans the internet-facing edges of our IP ranges using an instance of the Nessus vulnerability scanner. This week, a single IP address - 185.15.56.30 - showed up in the reporting with two “high” findings around the reported version of Apache http installed. The two “high” findings on 185.15.56.30 are https://www.tenable.com/plugins/nessus/153583 (https://www.tenable.com/cve/CVE-2021-40438) and https://www.tenable.com/plugins/nessus/153584 (https://www.tenable.com/cve/CVE-2021-39275).

There are no known exploits for the two "High" findings for that IP address.

Details

Risk Rating
Low
Author Affiliation
Wikimedia Communities

Related Objects

Event Timeline

Dsharpe created this task.Oct 9 2021, 12:08 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 9 2021, 12:08 AM
Dsharpe added projects: Cloud-VPS, cloud-services-team.Oct 9 2021, 12:11 AM
Dsharpe added a subscriber: Galahad.
Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptOct 9 2021, 12:11 AM
bd808 updated the task description. (Show Details)Oct 9 2021, 12:14 AM
Galahad added a comment.Oct 9 2021, 12:16 AM

I'll remove the instance.

bd808 subscribed.Oct 9 2021, 12:16 AM

185.15.56.30 is the floating IP attached to mars-01.wikisp.eqiad1.wikimedia.cloud.

Galahad added a comment.Oct 9 2021, 12:19 AM

Done, deleted the instance and the float IP. Is anything else required?

bd808 closed this task as Resolved.Oct 9 2021, 12:22 AM
bd808 assigned this task to Galahad.
In T292884#7414018, @Galahad wrote:

Done, deleted the instance and the float IP. Is anything else required?

Nope. That gets rid of the problem for sure. :)

Upgrading the Apache2 package to 2.4.51-1~deb11u1 would have worked too, but if you weren't really using the instance it's nice to have the compute resources back.

Galahad mentioned this in T289307: Montar instancia Mars.Oct 9 2021, 12:28 AM
sbassett subscribed.Oct 12 2021, 5:34 PM

With the instance deleted, is there any reason not to make this public? I'm guessing 185.15.56.30 isn't sensitive information for anybody.

sbassett edited projects, added SecTeam-Processed; removed Security-Team.Oct 12 2021, 5:34 PM
bd808 added a comment.Oct 12 2021, 9:20 PM
In T292884#7420780, @sbassett wrote:

With the instance deleted, is there any reason not to make this public? I'm guessing 185.15.56.30 isn't sensitive information for anybody.

185.15.56.30 is an IP that belongs to the Foundation and is in the network block used by Cloud VPS for public routing, so I agree that it is not PII or otherwise sensitive information. +1 from me for making the task public.

sbassett triaged this task as Low priority.Oct 12 2021, 9:24 PM
sbassett changed Author Affiliation from N/A to Wikimedia Communities.
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL