Disabling the embedded HTTP Server


We were informed that there is a client-side desync vulnerability associated with the following URL on our PA server:

https://xxx.xxx.xxx.xxx:81/shared/pa_report.css

Is there a way to disable the embedded HTTP server? Or is there a way to mitigate this vulnerability?

Please advise - thank you.

2 Answers

We've just pushed out an update for this in version 9.1.0.9 available at:

https://www.poweradmin.com/products/server-monitoring/downloads/preview/

To answer the question, you can disable the embedded HTTPS server by setting

HKLM\software\PAServerMonitor ReportHTTPPort = 0

However, be aware that the Console, helper application, Satellites, Inventory Collector (System Details) and more all communicate through that HTTPS port, so this will have an impact on a number of things.
