login about faq

questions tags users badges unanswered ask a question

Disabling the embedded HTTP Server

1

We were informed that there is a client-side desync vulnerability associated with the following URL on our PA server:

https://xxx.xxx.xxx.xxx:81/shared/pa_report.css

Is there a way to disable the embedded HTTP server? Or is there a way to mitigate this vulnerability?

Please advise - thank you.

web vulnerability http reports

asked 10 Feb '23, 15:28

5tafd444
11●2
accept rate: 0%

2 Answers:

oldest newest most voted

1

We've just pushed out an update for this in version 9.1.0.9 available at:

https://www.poweradmin.com/products/server-monitoring/downloads/preview/

To answer the question, you can disable the embedded HTTPS server by setting

HKLMsoftwarePAServerMonitor ReportHTTPPort = 0

However, be aware that the Console, helper application, Satellites, Inventory Collector (System Details) and more all communicate through that HTTPS port so this this will have an impact on a number of things.

link

answered 13 Feb '23, 15:00

Doug ♦♦
10.3k●12●21●38
accept rate: 20%

0	Got it, thank you Doug! link answered 13 Feb '23, 15:02 5tafd444 11●2 accept rate: 0%

Your answer

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

reports ×57
http ×8
web ×3
vulnerability ×2

Asked: 10 Feb '23, 15:28

Seen: (+: (DEFAULT: ), 1) times

Last updated: 13 Feb '23, 15:02

Related questions