7.8
CVE-2018-16843
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the ‘http2’ option of the ‘listen’ directive is used in a configuration file.
7.8
CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the ‘http2’ option of the ‘listen’ directive is used in a configuration file.
7.8
CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the ‘mp4’ directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
5.8
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
4.3
Site is a website with WordPress CMS all right, but it is not that bad security-wise (it is a pretty website ;).
Neatly configured, with user enumeration as well as directory listing both set to disabled.
Linked site OK: Linked Sites
Google Safe Browse checks have been performed on each of the linked sites.
Links with poor reputation could be a threat to users of the site. Hosting and location are also included in the results.
Externally Linked Host | Hosting Provider | Country
-www.dmca.com | Microsoft Corporation | Unite
Google Safebrowsing rates it as OK.
Retirable jQuery library detected: jquery 1.12.4-wp Found in -https://tuwebdecero.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Blocking users should block 34% of trackers and 34% of ads on website according to ZenMate Web Firewall.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Is this problem gone now? I have just created my shop on Magento 2, and I wouldn’t want to have such problems. This was a while ago, and I hope that it’s solved because I am ready to start marketing my shop. I am sure that I will be successful, I just need to be seen by my customers. I will probably have to use automated marketing like the one from https://amasty.com/marketing-automation-for-magento-2.html. It makes sense, I don’t want to spend too much time on something like that, I want to be improving my product, and my shop.
The webshop is no longer on outdated Magento 0.1.
But kicks up a scan error: “HTTP 599: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small”
Server software still vulnerable: https://sitecheck.sucuri.net/results/https/bb.qsl-webshop.com
main.min.js:2 Error: Script error for: Magento_GoogleTagManager/js/google-analytics-universal
-http://requirejs.org/docs/errors.html#scripterror
at makeError (d13968b……d82d06710.min.js:16)
at HTMLScriptElement.onScriptError (d13968b……82d06710.min.js:112)
compat.min.js:1 Fallback to JQueryUI Compat activated. Your store is missing a dependency for a jQueryUI widget.
Identifying and addressing the dependency will drastically improve the performance of your site.