• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Removing Wappspector

jamie!

jamie!

New Pleskian
Server operating system version
AlmaLinux 9.3
Plesk version and microupdate number
18.0.59
Wappspector is being picked up by security scanners. Of course they are false positives, but with the amount of servers, there are a ton. Ignoring/clearing the issues is a pain.

Is it possible to remove Wappspector -- and without unintended consequences?
 
Hi, the Wappspector feature is provided as a part of core Plesk functionality for now - it's impossible to remove.

But it's interesting to know more about the security scanners: could you please provide a more detailed description of the issue you faced? We want to improve it to avoid such issues.

Thank you in advance.
 
Hi Anthony,

All of the frameworks and versions are flagged in Wiz as out-of-date web apps and corresponding CVEs, since it's method of detection is file path. We could certainly ignore since they are false positives, but as you can imagine, there are a ton of these (attached ss):
E.g.,

File /opt/psa/admin/plib/vendor/plesk/wappspector/test-data/wordpress/wordpress4.0/wp-includes/version.php version 4.0 is vulnerable to CVE-2017-9062, which exists in versions >= 4.0.0, <= 4.7.4.
 

Attachments

  • Screenshot 2024-03-18 at 10.33.15 AM.png
    Screenshot 2024-03-18 at 10.33.15 AM.png
    50.7 KB · Views: 10
@Anthony Thank you for looking into this so fast! I really appreciate it. But while this will fix a few CVE findings, others won't be resolved because WP v 4.9.25 is still is out of date with CVEs. It's also the frameworks as well and older versions that Wiz is flagging as vulnerabilities. For example, CodeIgniter is flagged:

Code: 
File /usr/local/psa/admin/plib/vendor/plesk/wappspector/test-data/codeigniter/4/vendor/codeigniter4/framework/system/CodeIgniter.php version 4.3.6 is vulnerable to CVE-2023-46240, which exists in versions >= 4.0.0, < 4.4.3.

I suspect the only way around this one, is to change the file path which Wiz scanner (and others) are looking for.
 

Attachments

  • Screenshot 2024-03-20 at 11.13.49 AM.png
    Screenshot 2024-03-20 at 11.13.49 AM.png
    144.6 KB · Views: 2
  • Screenshot 2024-03-20 at 11.13.41 AM.png
    Screenshot 2024-03-20 at 11.13.41 AM.png
    174.6 KB · Views: 2
You must log in or register to reply here.

Similar threads

J
Issue So Many issues with Plesk -Email - System reboots
Replies
0
Views
332
jammer699669
J
P
Question Locate and remove old SSL cert
Replies
2
Views
429
learning_curve
learning_curve
G
Issue Database Malware or False Positive?
Replies
2
Views
2K
Gene Steinberg
G
M
Question Issue with Availability of Free Version of Plesk (Plesk Web Admin SE) on Vultr Server Deployment
2
Replies
20
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
L
Issue Daily Maintenance Script Spawns Off A Bunch Of PHP-FPM processes Leading To Huge Load Spike
Replies
2
Views
404
Ladylinux
L
Back
Top