
NVIDIA Corporation / Server Status Information Disclosure

iampritam reported 2022-01-29

Description

It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and CPU utilization.

Vulnerable URL:

https://gfwsl.stagegeforce.geforce.com/server-status

Impact

An attacker can gather information about the internals of the target web server, such as:

• Server uptime
• Individual request-response statistics and CPU usage of the working processes
• Current HTTP requests, client IP addresses, requested paths, and processed virtual hosts

This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.

IP: 72.21.81.187
Port: 443
Detected protocol: https

Apache Status

Apache Server Status for stggfwsl.exw.nvidia.com (via 10.48.54.43)

Server Version: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips
Server MPM: prefork
Server Built: Nov 14 2016 18:04:44

Current Time: Friday, 28-Jan-2022 20:05:54 PST
Restart Time: Friday, 21-Jan-2022 15:45:57 PST
Parent Server Config. Generation: 1
Parent Server MPM Generation: 0
Server uptime:  7 days 4 hours 19 minutes 57 seconds
Server load: 0.00 0.01 0.05
Total accesses: 2260951 - Total Traffic: 44.0 GB
CPU Usage: u386.62 s361.05 cu368.27 cs305.89 - .229% CPU load
3.64 requests/sec - 74.3 kB/second - 20.4 kB/request
1 requests currently being processed, 9 idle workers
____.._.__._W_..................................................
................................................................
................................................................
................................................................

Scoreboard Key:
"_" Waiting for Connection, 
"S" Starting up, 
"R" Reading Request,
"W" Sending Reply, 
"K" Keepalive (read), 
"D" DNS Lookup,
"C" Closing connection, 
"L" Logging, 
"G" Gracefully finishing, 
"I" Idle cleanup of worker, 
"." Open slot with no current process



Srv PID Acc M
CPU SS Req Conn Child Slot
Client VHost Request

0-0325290/6025/158891_
94.871530.0350.043275.04
10.48.49.121fe80::4c1:a6ff:fe42:7d11:80NULL

1-0318160/5976/158916_
89.0717290.0352.143303.49
127.0.0.1fe80::4c1:a6ff:fe42:7d11:80GET /tmp/memcache/connCounter.php HTTP/1.1

2-058720/5956/155412_
88.831840.0337.483150.98
10.48.53.58fe80::4c1:a6ff:fe42:7d11:80GET /tmp/phpinfo.php HTTP/1.1

3-0236210/6530/155941_
128.401530.0363.953276.88
10.48.53.58fe80::4c1:a6ff:fe42:7d11:80NULL

4-0-0/0/148944.
12.4119393300.00.002946.73
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

5-0-0/0/149170.
0.3219425600.00.002805.86
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

6-0326650/5987/147394_
88.09900.0367.442960.46
127.0.0.1fe80::4c1:a6ff:fe42:7d11:80GET /server-status?auto HTTP/1.1

7-0-0/0/138836.
6.6319413500.00.002631.48
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

8-0287960/6432/152082_
123.762250.0349.093047.85
127.0.0.1fe80::4c1:a6ff:fe42:7d11:80GET /tmp/memcache/connCounter.php HTTP/1.1

9-057660/6259/136369_
110.93430.0374.002855.16
10.48.49.121fe80::4c1:a6ff:fe42:7d11:80NULL

10-0-0/0/106642.
31.0419413400.00.002081.89
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

11-0128000/6418/125280_
116.541030.0355.772689.23
127.0.0.1

12-0326750/6081/88149W
97.72000.0358.522005.88
10.48.49.121fe80::4c1:a6ff:fe42:7d11:80GET /server-status HTTP/1.1

13-0110240/7301/113113_
179.18530.0372.562307.22
10.48.49.121fe80::4c1:a6ff:fe42:7d11:80GET /tmp/phpinfo.php HTTP/1.1

14-0-0/0/76259.
0.4619848100.00.001363.95
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

15-0-0/0/69786.
13.5319745800.00.001213.45
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

16-0-0/0/61380.
36.6820106400.00.001075.41
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

17-0-0/0/61222.
27.0720258300.00.001079.70
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

18-0-0/0/15012.
18.9020255700.00.00230.05
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

19-0-0/0/12743.
1.2420262600.00.00216.31
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

20-0-0/0/6206.
0.7120242800.00.00101.52
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

21-0-0/0/14360.
89.7119815900.00.00237.37
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

22-0-0/0/2074.
0.4620262400.00.0039.26
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

23-0-0/0/2081.
0.3520338100.00.0038.59
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

24-0-0/0/1227.
6.5821355700.00.0032.36
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

25-0-0/0/618.
0.7121445900.00.008.90
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

26-0-0/0/763.
20.9421272700.00.0014.80
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

27-0-0/0/48.
0.7521446700.00.000.76
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

28-0-0/0/402.
23.7921310900.00.006.12
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

29-0-0/0/829.
7.8821368400.00.0017.80
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

30-0-0/0/45.
3.2221441200.00.000.60
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

31-0-0/0/360.
0.3321448400.00.006.46
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0

32-0-0/0/397.
0.7321443300.00.0014.76
::1fe80::4c1:a6ff:fe42:7d11:80OPTIONS * HTTP/1.0


  
Srv: Child Server number - generation
PID: OS process ID
Acc: Number of accesses this connection / this child / this slot
M: Mode of operation
CPU: CPU usage, number of seconds
SS: Seconds since beginning of most recent request
Req: Milliseconds required to process most recent request
Conn: Kilobytes transferred this connection
Child: Megabytes transferred this child
Slot: Total megabytes transferred this slot
 



SSL/TLS Session Cache Status:


cache type: SHMCB, shared memory: 512000 bytes, current entries: 0
subcaches: 32, indexes per subcache: 88
index usage: 0%, cache usage: 0%
total entries stored since starting: 0
total entries replaced since starting: 0
total entries expired since starting: 0
total (pre-expiry) entries scrolled out of the cache: 0
total retrieves since starting: 0 hit, 0 miss
total removes since starting: 0 hit, 0 miss
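
An added example, not part of the researcher's report or of any NVIDIA or LeakIX code: a Python check that finds Location blocks enabling the server-status handler in Apache 2.4 configuration text and reports whether access to them is restricted. The two sample configurations, the 192.0.2.0/24 range and the function name audit_status_handlers are constructed for illustration.

```python
import re

# Constructed sample configs for illustration; not taken from the reported server.
WEAK_CONF = """
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>
"""

HARDENED_CONF = """
<Location "/server-status">
    SetHandler server-status
    Require local
    Require ip 192.0.2.0/24
</Location>
"""

# Matches one <Location ...> ... </Location> block, path quoted or bare.
BLOCK_RE = re.compile(
    r"<Location\s+\"?(?P<path>[^\">\s]+)\"?\s*>(?P<body>.*?)</Location>",
    re.IGNORECASE | re.DOTALL,
)


def audit_status_handlers(conf_text):
    """Return (path, verdict, require_lines) for every block enabling mod_status."""
    findings = []
    for block in BLOCK_RE.finditer(conf_text):
        # Strip comments so a commented-out Require is not counted as a control.
        lines = [ln.split("#", 1)[0].strip() for ln in block.group("body").splitlines()]
        lines = [ln for ln in lines if ln]
        if not any(re.fullmatch(r"SetHandler\s+server-status", ln, re.I) for ln in lines):
            continue
        requires = [ln for ln in lines if re.match(r"Require\s", ln, re.I)]
        # Sibling Require lines are OR-ed in Apache 2.4, so one "all granted" opens the page.
        granted = any(re.fullmatch(r"Require\s+all\s+granted", ln, re.I) for ln in requires)
        # Assumption of this example: a block with no Require at all is reported as open,
        # because access then depends on whatever the enclosing configuration allows.
        verdict = "open" if granted or not requires else "restricted"
        findings.append((block.group("path"), verdict, requires))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_status_handlers(conf))
```
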


Found by ApacheStatusHttpPlugin 2022-01-29
Report created by iampritam  2022-01-29
Report approved by BloodyShell  2022-01-29
New PDF report generated by system 2022-01-29
Report dispatched to ...@... by system 2022-01-29
Report comment dispatched to BloodyShell by system 2022-01-31
Report comment dispatched to iampritam by system 2022-01-31
Report comment dispatched to zythop by system 2022-01-31
Report comment dispatched to fokoil by system 2022-01-31
Report comment dispatched to thLambda by system 2022-01-31
system commented 2022-02-23: approved shows in report

Email from: PSIRT@nvidia.com

Hello,

To give an update: the issue is now fixed and the link will not be accessible now. Let us know if you have any feedback or comments.

We will be happy to mention your name on our Acknowledgement page (https://www.nvidia.com/en-us/security/acknowledgements/); please let us know your name if you would like it mentioned on our external page.

Thanks again for reporting your findings.

Milind
NVIDIA PSIRT
www.nvidia.com/security

________________________________
From: NVIDIA PSIRT
Sent: Monday, January 31, 2022 2:50:24 PM (UTC-05:00) Eastern Time (US & Canada)
To: 45b90b31-aec8-4a9e-b6d5-91f242e1e6bf+<redacted>@reports.leakix.net
Cc: NVIDIA PSIRT
Subject: RE: Security issue detected for NVIDIA Corporation : Server Status Information Disclosure - NVIDIA PSIRT ID: 3521165
Hello,

Thank you for sending your report.

PSIRT case 3521165 is created and our geforce experience engineering team will review this for impact and/or mitigations.

We will let you know once we have next steps on this or need any additional information.

If you have any questions or feedback, let us know.

Thanks,

NVIDIA PSIRT
www.nvidia.com/security

From: 45b90b31-aec8-4a9e-b6d5-91f242e1e6bf+<redacted>@reports.leakix.net
Sent: Saturday, January 29, 2022 12:27 PM
To: NVIDIA PSIRT <PSIRT@nvidia.com>
Subject: Security issue detected for NVIDIA Corporation : Server Status Information Disclosure

Dear NVIDIA Corporation,

Security researcher iampritam has identified a security issue in your infrastructure through our prevention platform.
The issue has been confirmed by our team and its priority is low.

Please use this email address ( 45b90b31-aec8-4a9e-b6d5-91f242e1e6bf+<redacted>@reports.leakix.net ) for further communications with the involved parties.

This report has been dispatched to [psirt@nvidia.com]
Report ID: 45b90b31-aec8-4a9e-b6d5-91f242e1e6bf
Owner: NVIDIA Corporation
Title: Server Status Information Disclosure

Researcher report
Description

It is possible to obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and CPU utilization.

Vulnerable URL:

https://gfwsl.stagegeforce.geforce.com/server-status

Impact

An attacker can gather information about the internals of the target web server, such as:

• Server uptime
• Individual request-response statistics and CPU usage of the working processes
• Current HTTP requests, client IP addresses, requested paths, and processed virtual hosts

This type of information can help the attacker gain a greater understanding of the system in use and the other potential avenues of attack available.

Related events
Host: 72.21.81.187 (gfwsl.stagegeforce.geforce.com)
Port: 443
Source: ApacheStatusHttpPlugin
Country: United States
Priority: medium
Infected: false
Leak rows: 0 rows
Leak size: 0 B

Report timeline
Report created by iampritam on Sat, 29 Jan 2022 17:47:26 UTC
Report approved by BloodyShell on Sat, 29 Jan 2022 18:27:12 UTC
New PDF report generated by system on Sat, 29 Jan 2022 18:27:13 UTC

This is a free prevention report and not a sales attempt.
While we do encourage rewarding researchers, we do not promote any kind of ransom or extortion scheme.
Should a researcher require money from you, let us know at fraud@leakix.net, we'll take
the appropriate actions and provide you guidance in the next steps.

LeakIX prevention team
support@leakix.net
https://leakix.net/

Report comment dispatched to BloodyShell by system 2022-02-23
Report comment dispatched to iampritam by system 2022-02-23
Report comment dispatched to zythop by system 2022-02-23
Report comment dispatched to fokoil by system 2022-02-23
Report comment c99be9 approved by BloodyShell  2022-02-23
New PDF report generated by system 2022-02-23
Report comment dispatched to iampritam by system 2022-02-23
Report comment dispatched to psirt@nvidia.com by system 2022-02-23
Report marked as fixed by BloodyShell  2022-02-23
Report closed by deleted-user  2022-02-25
New PDF report generated by system 2022-02-25
Information
Owner NVIDIA Corporation
Created 2022-01-29 17:47
Updated 2022-02-25 19:03
Fixed true

Contacts
p...@nvidia.com

Status
Status closed
Hosting contacted false
CERT contacted false
