• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Removing Wappspector

jamie!

jamie!

New Pleskian
Server operating system version
AlmaLinux 9.3
Plesk version and microupdate number
18.0.59
Wappspector is being picked up by security scanners. Of course they are false positives, but with the amount of servers, there are a ton. Ignoring/clearing the issues is a pain.

Is it possible to remove Wappspector -- and without unintended consequences?
 
Hi, the Wappspector feature is provided as a part of core Plesk functionality for now - it's impossible to remove.

But it's interesting to know more about the security scanners: could you please provide a more detailed description of the issue you faced? We want to improve it to avoid such issues.

Thank you in advance.
 
Hi Anthony,

All of the frameworks and versions are flagged in Wiz as out-of-date web apps and corresponding CVEs, since it's method of detection is file path. We could certainly ignore since they are false positives, but as you can imagine, there are a ton of these (attached ss):
E.g.,

File /opt/psa/admin/plib/vendor/plesk/wappspector/test-data/wordpress/wordpress4.0/wp-includes/version.php version 4.0 is vulnerable to CVE-2017-9062, which exists in versions >= 4.0.0, <= 4.7.4.
 

Attachments

  • Screenshot 2024-03-18 at 10.33.15 AM.png
    Screenshot 2024-03-18 at 10.33.15 AM.png
    50.7 KB · Views: 10
@Anthony Thank you for looking into this so fast! I really appreciate it. But while this will fix a few CVE findings, others won't be resolved because WP v 4.9.25 is still is out of date with CVEs. It's also the frameworks as well and older versions that Wiz is flagging as vulnerabilities. For example, CodeIgniter is flagged:

Code: 
File /usr/local/psa/admin/plib/vendor/plesk/wappspector/test-data/codeigniter/4/vendor/codeigniter4/framework/system/CodeIgniter.php version 4.3.6 is vulnerable to CVE-2023-46240, which exists in versions >= 4.0.0, < 4.4.3.

I suspect the only way around this one, is to change the file path which Wiz scanner (and others) are looking for.
 

Attachments

  • Screenshot 2024-03-20 at 11.13.49 AM.png
    Screenshot 2024-03-20 at 11.13.49 AM.png
    144.6 KB · Views: 2
  • Screenshot 2024-03-20 at 11.13.41 AM.png
    Screenshot 2024-03-20 at 11.13.41 AM.png
    174.6 KB · Views: 2
You must log in or register to reply here.

Similar threads

G
Issue Database Malware or False Positive?
Replies
2
Views
388
Gene Steinberg
G
S
Question Emails being deleted by DMARC
Replies
5
Views
213
JVG
J
T
Input Plesk Email Security - treatment of SPF softfail
Replies
2
Views
761
TomBoB
T
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
2K
The 8th
The 8th
A
Issue All Websites Down and Plesk Panel Not Reachable After Restarting Nginx. Have SSH Access, Plesk Repair Not Working
Replies
16
Views
1K
Peter Debik
P
Back
Top