Vulnerability Assessment and Penetration Testing

I have installed the Xibo CMS on VM at a customer site. They run a Vulnerability Assessment and Penetration Testing and found some errors related to HTTPD. Is there any solution?

Vulnerability Assessment and Penetration Testing.pdf (518.8 KB)

Thanks for your report. What version of Xibo did you install? How did you install the CMS?

I’ve checked the first 5 or 6 of the HIGH level ones in there and they’re all applicable to Apache server versions lower than the one we ship in 3.3.3 release (which is 2.4.55). Perhaps you didn’t use Docker to do the install, or put another Apache server infront of our containers?

Hi Alex,
I have installed the CMS 2.3.7 on Docker. Host OS is Ubuntu 18.04.
I have followed all the instructions given on XIBO guide and installed the apache accordingly.

2.3.7 is old and out of date, so you will need to upgrade. See Supported Versions and Environments | Xibo Digital Signage

3.3.3 is the current version.

The Apache server in Ubuntu 18.04 (which goes end of life in a couple of weeks) is not in any way hardened. You will need to harden that yourself.