Task #11717
Task #11711: Security Vulnerability Scan 2023-05-18 (closed)
Fix security issues in moodle.ase.cit.tum.de
Description
{code:java}
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
- 2023-05-15T13:16:25Z - a25737cc-6d7c-48fe-b0a1-ea3d710bb01b - 1.3.6.1.4.1.25623.1.0.105925
summary: The remote HTTP web server / application is missing to set the
'HttpOnly' cookie attribute for one or more sent HTTP cookie.
problem: The cookies:
Set-Cookie: MoodleSession=replaced; path=/; secure
are missing the "HttpOnly" attribute.
impact:
solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
- 2023-05-15T13:16:25Z - 5ce201dc-f82b-4da1-9003-6c885d40e4c5 - 1.3.6.1.4.1.25623.1.0.111084
summary: The script attempts to identify files of a SCM accessible
at the webserver.
problem: The following SCM files/folders were identified:
Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root root@vmbhatotia124.in.tum.de 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root root@vmbhatotia124.in.tum.de 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root root@vmbhatotia124.in.tum.de 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root root@vmbhatotia124.in.tum.de 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://moodle.ase.in.tum.de/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://moodle.ase.in.tum.de/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://moodle.ase.in.tum.de/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://moodle.ase.in.tum.de/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
URL: https://moodle.ase.in.tum.de/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://moodle.ase.in.tum.de/.git/ORIG_HEAD
impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.
solution: Mitigation: Restrict access to the SCM files for authorized systems only.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
- 2023-05-15T13:16:25Z - 725a474b-c319-487a-9768-0a5871c7b5bc - 1.3.6.1.4.1.25623.1.0.111084
summary: The script attempts to identify files of a SCM accessible
at the webserver.
problem: The following SCM files/folders were identified:
Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root root@vmbhatotia124.in.tum.de 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root root@vmbhatotia124.in.tum.de 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root root@vmbhatotia124.in.tum.de 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root root@vmbhatotia124.in.tum.de 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://moodle.ase.cs.tum.edu/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://moodle.ase.cs.tum.edu/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://moodle.ase.cs.tum.edu/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://moodle.ase.cs.tum.edu/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
URL: https://moodle.ase.cs.tum.edu/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://moodle.ase.cs.tum.edu/.git/ORIG_HEAD
impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.
solution: Mitigation: Restrict access to the SCM files for authorized systems only.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
- 2023-05-15T13:16:25Z - ac7a41ab-cd3b-4012-a000-7725a8b9ae09 - 1.3.6.1.4.1.25623.1.0.105925
summary: The remote HTTP web server / application is missing to set the
'HttpOnly' cookie attribute for one or more sent HTTP cookie.
problem: The cookies:
Set-Cookie: MoodleSession=replaced; path=/; secure
are missing the "HttpOnly" attribute.
impact:
solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
- 2023-05-15T13:16:25Z - cbf152b2-2f4e-430d-8e13-a3872550c7b7 - 1.3.6.1.4.1.25623.1.0.105925
summary: The remote HTTP web server / application is missing to set the
'HttpOnly' cookie attribute for one or more sent HTTP cookie.
problem: The cookies:
Set-Cookie: MoodleSession=replaced; path=/; secure
are missing the "HttpOnly" attribute.
impact:
solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
- 2023-05-15T13:16:25Z - 0feaa0fd-e98c-41ae-8d4f-07135389af7d - 1.3.6.1.4.1.25623.1.0.111084
summary: The script attempts to identify files of a SCM accessible
at the webserver.
problem: The following SCM files/folders were identified:
Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root root@vmbhatotia124.in.tum.de 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root root@vmbhatotia124.in.tum.de 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root root@vmbhatotia124.in.tum.de 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root root@vmbhatotia124.in.tum.de 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://vmbhatotia124.in.tum.de/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://vmbhatotia124.in.tum.de/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://vmbhatotia124.in.tum.de/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://vmbhatotia124.in.tum.de/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
URL: https://vmbhatotia124.in.tum.de/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://vmbhatotia124.in.tum.de/.git/ORIG_HEAD
impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.
solution: Mitigation: Restrict access to the SCM files for authorized systems only.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
- 2023-05-15T13:16:25Z - 01aa0a05-1fea-48f8-a191-eb340bcb35c5 - 1.3.6.1.4.1.25623.1.0.105925
summary: The remote HTTP web server / application is missing to set the
'HttpOnly' cookie attribute for one or more sent HTTP cookie.
problem: The cookies:
Set-Cookie: MoodleSession=replaced; path=/; secure
are missing the "HttpOnly" attribute.
impact:
solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.
############################################################
host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443
- 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
- 2023-05-15T13:16:25Z - 0b115856-96af-4990-8554-07d3b50c6c22 - 1.3.6.1.4.1.25623.1.0.111084
summary: The script attempts to identify files of a SCM accessible
at the webserver.
problem: The following SCM files/folders were identified:
Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root root@vmbhatotia124.in.tum.de 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root root@vmbhatotia124.in.tum.de 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root root@vmbhatotia124.in.tum.de 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root root@vmbhatotia124.in.tum.de 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://vmbhatotia124.cs.tum.edu/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://vmbhatotia124.cs.tum.edu/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://vmbhatotia124.cs.tum.edu/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://vmbhatotia124.cs.tum.edu/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
URL: https://vmbhatotia124.cs.tum.edu/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://vmbhatotia124.cs.tum.edu/.git/ORIG_HEAD
impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.
solution: Mitigation: Restrict access to the SCM files for authorized systems only.
{code}
Updated by Colin Wilk about 2 months ago
Hey, where did this scan actually come from? Can it be kicked off again?
Updated by Colin Wilk about 2 months ago
I'm marking this as wontfix now because
A: we haven't received these TUM scans lately, and
B: we can't fix the cookie issue (Moodle application issue), and the Git repo isn't a problem since the code is public anyway.
Updated by Anonymous about 2 months ago
- Parent task set to #11711