ATS Site Vulnerabilities


posted on Sep, 22 2020 @ 05:14 PM
Was checking out this tool from shodan.io showing open ports for a given IP address. For fun, I decided to check out ATS. Well, turns out ATS has a staggeringly long list of current vulnerabilities, some dating back 10 years or more.



CVE-2018-10549 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

CVE-2014-5459 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

CVE-2010-4645 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308


[removed excessive quoting]


Continued
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:15 PM
[removed excessive quoting]
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:16 PM
IMPORTANT: Using Content From Other Websites on ATS
Posting work written by others
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:17 PM
IMPORTANT: Using Content From Other Websites on ATS
Posting work written by others
edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:19 PM
[removed excessive quoting]

Phew, end of the list..finally

Some of these are pretty scary, there are buffer overflows aplenty, tons of opportunities for remote code execution, account escalation exploit vulnerabilities and even unauthorized file system access.
edit on 22/9/2020 by dug88 because: (no reason given)

edit on Tue Sep 22 2020 by DontTreadOnMe because: (no reason given)



posted on Sep, 22 2020 @ 05:25 PM
a reply to: dug88

What version of PHP is the site running? I'm too lazy to get on my puter to check.



posted on Sep, 22 2020 @ 05:28 PM
a reply to: drewlander

Nvm. 5.3. That's crazy. Deprecated for a long time now.



posted on Sep, 22 2020 @ 05:28 PM
a reply to: drewlander

It's in the link, but


Apache httpd

HTTP/1.1 200 OK
Date: Mon, 21 Sep 2020 21:26:06 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
refresh: 360; url=index.php
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, max-age=2592000
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Expires: Wed, 21 Oct 2020 21:26:06 GMT
Vary: Accept-Encoding
Connection: keep-alive, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


A pretty darn old version, one listed in many of these.
edit on 22/9/2020 by dug88 because: (no reason given)



posted on Sep, 22 2020 @ 05:29 PM
a reply to: dug88

How is ATS's vulnerability ranked amongst internet sites? What grade does it receive?



posted on Sep, 22 2020 @ 05:47 PM
a reply to: carewemust

Taken at face value it would be pretty bad, but I don't think some of the enabled modules are even used, so probably not as bad as it seems. Take the socket.c CVE for instance - this site does not upgrade my connection to ws://, so there is probably no listener and it means nothing. All Shodan did was look at the PHP version and modules enabled, it seems. Windows CVE is probably meaningless too.

Just don't store your bank info on this site and you will be fine.
edit on 22-9-2020 by drewlander because: (no reason given)



posted on Sep, 22 2020 @ 05:50 PM
a reply to: drewlander

Understood. Thank you for the detailed reply.




posted on Sep, 22 2020 @ 06:44 PM
a reply to: dug88

I suppose you noticed the note at the top of the results:


Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.


Edited to add that, for example, for a server I manage, it says that FTP has two vulnerabilities, but the server doesn't even have FTP working.
edit on 22/9/2020 by ArMaP because: (no reason given)
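
How a banner-based scanner arrives at a list like the one in this thread, as an added example that is not part of any post and is not Shodan's code: it reads the version from `X-Powered-By` and compares it with the affected ranges in the three CVE descriptions quoted in the first post. The function names and the layout of the range table are assumptions; a match only means the advertised version is in range, which is what the note quoted above says.

```python
import re

# Constructed sample: the header block quoted in the thread, trimmed.
BANNER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
)

# Affected ranges transcribed from the three CVE descriptions quoted in the
# first post. Each entry is (branch prefix, first fixed version); an empty
# branch () means "any version below the bound".
AFFECTED = {
    "CVE-2018-10549": [((), (5, 6, 36)), ((7, 0), (7, 0, 30)),
                       ((7, 1), (7, 1, 17)), ((7, 2), (7, 2, 5))],
    "CVE-2014-5459": [((), (5, 6, 1))],  # "through 5.6.0"
    "CVE-2010-4645": [((5, 2), (5, 2, 17)), ((5, 3), (5, 3, 5))],
}


def php_version(banner):
    """Return the PHP version advertised in X-Powered-By as a tuple, or None."""
    for line in banner.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-powered-by":
            m = re.search(r"PHP/(\d+)\.(\d+)\.(\d+)", value)
            if m:
                return tuple(int(p) for p in m.groups())
    return None


def implied_cves(version):
    """CVE ids whose affected range contains `version`.

    This is a version comparison only. It cannot see whether the affected
    extension is loaded, whether the code path is reachable, or whether a
    fix was backported without changing the advertised version.
    """
    hits = []
    for cve, ranges in AFFECTED.items():
        for branch, fixed in ranges:
            if version[:len(branch)] == branch and version < fixed:
                hits.append(cve)
                break
    return sorted(hits)


if __name__ == "__main__":
    v = php_version(BANNER)
    print(v, implied_cves(v) if v else "no PHP banner, nothing implied")
```
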



posted on Sep, 22 2020 @ 07:10 PM

originally posted by: carewemust
a reply to: dug88

How is ATS's vulnerability ranked amongst internet sites? What grade does it receive?



You're more anonymous on Facebook.



posted on Sep, 22 2020 @ 08:59 PM
a reply to: ArMaP

Yeah exactly. I didn't even bother with looking at Shodan, but I have other utilities installed locally I can use to see what's really going on if I was interested. After I got to thinking about it later this evening I pretty much concluded Shodan spit out a list of vulnerabilities that were never patched in that version of PHP and will never be patched cuz 5.3 is long past EOL. Even 5.6 is past EOL now.



