Vulnerability Assessment and Penetration Testing

Hello,
I have installed the Xibo CMS on a VM at a customer site. They ran a Vulnerability Assessment and Penetration Test and found some errors related to HTTPD. Is there any solution?

Vulnerability Assessment and Penetration Testing.pdf (518.8 KB)

Thanks for your report. What version of Xibo did you install? How did you install the CMS?

I’ve checked the first 5 or 6 of the HIGH level ones in there and they’re all applicable to Apache server versions lower than the one we ship in the 3.3.3 release (which is 2.4.55). Perhaps you didn’t use Docker to do the install, or put another Apache server in front of our containers?

Hi Alex,
I have installed the CMS 2.3.7 on Docker. Host OS is Ubuntu 18.04.
I have followed all the instructions given in the Xibo guide and installed Apache accordingly.

2.3.7 is old and out of date, so you will need to upgrade. See Supported Versions and Environments | Xibo Digital Signage

3.3.3 is the current version.

The Apache server in Ubuntu 18.04 (which goes end of life in a couple of weeks) is not in any way hardened. You will need to harden that yourself.