Remote-access Guide

abyss web server remote access vulnerability

by Sean Dooley Published 2 years ago Updated 2 years ago
image

The remote Abyss Web server is earlier than version 1.1.6. Such versions are reportedly vulnerable to a buffer overflow that could be exploited by an attacker to execute arbitrary code on the host. In addition, it is possible to inject malicious data into server response headers using a specially crafted GET request.

Full Answer

How does Abyss web server allow remote attackers to read files?

The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.

Why does aprelium technologies Abyss web server not log connection attempts?

The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.

How do I access Abyss from another computer on LAN?

The full local URL is displayed in Abyss' main window (Local web server URL). To access your machine from another computer on your network (LAN), you should use the LAN IP of the computer.

How do I add a port to Abyss web server?

If Abyss Web Server uses port 80, check the Web Server (HTTP) line. If it uses another port, press Add... and enter the number of the port Abyss uses as the internal port (select TCP and fill the other parameters following the descriptions).

image

Compact, easy to use and feature-rich

Abyss Web Server is a compact web server available for Windows, macOS, and Linux operating systems.

Available in two editions

Depending on your use and your needs, you may choose one of the two available editions ( what's the difference? ):

Learn more

View the features summary and learn about the differences between the personal and the professional edition.

Why is cybersecurity important in remote work?

Bringing cybersecurity to the top-of-mind for your remote workforce is important in successfully educating employees on the new risks their work environment presents. Conducting training for security best practices, as well as discussing your organization’s cybersecurity standing and vulnerabilities with the entire workforce are both potential ways to combat network threats.

How to prevent unauthorized app use?

Making proactive decisions about your tech stack can go a long way toward preventing unauthorized app use. For example, by making a secure video chatting or collaboration tool available, you reduce the likelihood of employees going out of their way to install their own (less secure) solutions.

What is the first step in mitigating risk throughout your attack surface?

Documenting policies, protocols, and authorized software is the first step in mitigating risk throughout your attack surface. From there, you can start to enforce changes that will improve security performance across your expanding digital ecosystem. 2. Unsecured networks.

What should be protected using multi-factor authentication?

Any machine that is capable of connecting to your network should be protected using multi-factor authentication, automatic session timeouts, and access monitoring to prevent unauthorized users from getting into the data, even if they have the device.

Is IT security playing catch up?

IT security teams are still playing catchup when it comes to securing the remote workforce. We’re committed to making their jobs easier through our BitSight Security Ratings solutions for monitoring, managing, and mitigating cyber risks. Read our research to learn more about the unique risks of work from home-remote office networks and what to do next to mitigate the latest security threats.

Can remote workers access sensitive information?

But with remote work and the physical locations of your workforce and sensitive information further apart, the chances of unauthorized users accessing sensitive data through employees’ computers, phones, and tablets increases exponentially .

What port does Abyss use?

If Abyss Web Server uses port 80 , check the Web Server (HTTP) line. If it uses another port, press Add... and enter the number of the port Abyss uses as the internal port (select TCP and fill the other parameters following the descriptions).

What is WAN IP?

WAN/Remote Access. To access the server from the outside, people should use your router's WAN IP (or external IP). It is the IP assigned to it by your ISP. Your WAN IP can be known by browsing http://www.aprelium.com/ip from your computer.

What to do if your WAN IP changes?

If your WAN IP changes often, you'll need to use the services of a free DNS provider that can track those IP changes and give you a fixed domain name. We suggest checking DynDNS.org or the list of dynamic DNS services providers . That way, you'll always access your server using an address like http://www.yourserver.freednsprovider.com without paying attention to IP changes. Note that nothing should be configured on Abyss Web Server X1's side: it will work with the domain name automatically.

image
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9