Security Baseline Checklist

Last updated: 2020-02-27 19:20:14

| Name | Level | Vulnerability type |
| --- | --- | --- |
| CouchDB unauthorized access | High | Improper configuration |
| Docker daemon management port 2375 open | High | Remote code execution |
| Elasticsearch unauthorized access | High | Improper configuration |
| Java RMI remote code execution | High | Remote code execution |
| Jenkins authentication not enabled, allowing command execution | High | Remote code execution |
| Kubelet unauthorized access | High | Security Baseline |
| Linux system weak password detection | High | Remote code execution |
| MongoDB unauthorized access | High | Improper configuration |
| MySQL weak password detection | High | Weak password |
| NFS misconfiguration allows sensitive directories to be mounted | High | Improper configuration |
| Redis baseline compliance test | High | Remote code execution |
| RPCBind improper configuration detection | High | Security Baseline |
| Rsync weak password detection | High | Weak password |
| Rsync passwordless access | High | Improper configuration |
| Tomcat weak password detection | High | Weak password |
| Windows user weak password detection | High | Weak password |
| XAMPP default FTP password | High | Information disclosure |
| Backup files exist in the website directory | High | Information disclosure |
| FTP anonymous login detection | Medium | Information disclosure |
| IIS misconfiguration leads to a parsing vulnerability | Medium | Improper configuration |
| Memcached UDP port can be used for DDoS amplification attacks | Medium | Information disclosure |
| PHP-FPM misconfiguration | Medium | Security Baseline |
| PostgreSQL compliance testing | Medium | Remote code execution |
| .git folder in the web directory leads to information disclosure | Medium | Information disclosure |
| .svn folder in the web directory leads to information disclosure | Medium | Information disclosure |
| Windows hidden account detection | Medium | Security Baseline |
| Windows shadow account detection | Medium | Remote code execution |
| ZooKeeper unauthorized access | Medium | Improper configuration |
| Hadoop unauthorized access | Low | Remote code execution |
| Sudo passwordless user detection | Low | Security Baseline |
| Tomcat sample directory detection | Low | Security Baseline |
| phpinfo file exists in the web directory | Low | Information disclosure |
| Windows Guest account status detection | Low | Security Baseline |