All Posts

2 posts

New EOL QIDs for Microsoft Windows 7 and 2008/R2

Qualys Vulnerability Signature, version 2.4.815-2, will include EOL QIDs (detections for end-of-life software) for Windows 7, Windows 2008, and Windows 2008 R2. Customers will be able to scan the QIDs shown below using Qualys Vulnerability Management (VM):

QID 105859  – EOL/Obsolete Operating System: Microsoft Windows 2008 R2 Detected
QID 105858  – EOL/Obsolete Operating System: Microsoft Windows 2008 Detected
QID 105793  – EOL/Obsolete Operating System: Microsoft Windows 7 Detected

Continue reading …

How to Check for Unprotected MongoDB Databases

Recently three students from University of Saarland in Germany discovered that the MongoDB databases running on several thousand commercial web servers allow remote attackers to easily access and manipulate the database from the Internet. According to their research, it is not uncommon for MongoDB databases to be configured to accept any connection from the Internet.

In this blog I will discuss how unauthorized access works and how to check if your MongoDB is exposed. Qualys Vulnerability Management has released QID 19965 to check for the same.

Continue reading …