GeneralInformation

Hostnames	ec2-18-157-112-139.eu-central-1.compute.amazonaws.com cbcloud.de health.cbcloud.de shib.cbcloud.de
Domains	amazonaws.com cbcloud.de
Cloud Provider	Amazon
Cloud Region	eu-central-1
Cloud Service	EC2
Country	Germany
City	Frankfurt am Main
Organization	A100 ROW GmbH
ISP	Amazon.com, Inc.
ASN	AS16509

WebTechnologies

JavaScript libraries

jQuery2.1.3

UI frameworks

Bootstrap

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(1)

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

2020(2)

CVE-2020-11023

6.9In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11022

6.9In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

2019(1)

CVE-2019-11358

6.1jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

2015(1)

CVE-2015-9251

6.1jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

80 443

80 / tcp

772258679 | 2025-03-18T19:45:18.334702

Hashes

hash

225217401

http.dom_hash

1239617585

http.html_hash

772258679

http.server_hash

1830366617

http.title_hash

1522695184

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Tue, 18 Mar 2025 19:45:18 GMT
Location: https://cbcloud.de/
Server: nginx/1.20.1
Content-Length: 169
Connection: keep-alive

Vulnerabilities

443 / tcp

-802868296 | 2025-03-22T09:55:21.884230

Hashes

hash

230100551

http.dom_hash

-1358763903

http.favicon.hash

1939974673

http.html_hash

-802868296

http.server_hash

1830366617

http.title_hash

-2121606932

Web Login Service - Stale Request

HTTP/1.1 200 OK
Cache-Control: no-store
Cache-control: no-cache="set-cookie"
Content-Language: en-US
Content-Security-Policy: default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline'
Content-Type: text/html;charset=utf-8
Date: Sat, 22 Mar 2025 09:55:21 GMT
Expires: 
Permissions-Policy: fullscreen=(), geolocation=()
Referrer-Policy: no-referrer-when-downgrade
Server: nginx/1.20.1
Set-Cookie: JSESSIONID=node0gpsa6xosdmhg1ob6mq1ttxmoj391772.node0; Path=/idp; Secure
Set-Cookie: AWSELB=AB4B2D5502B0DA2641BBD4D8EA0C9F10C97F04544992D653517E15789695C48AC4AA394CAD54256DA8FC0F7BC1000E5113A867A31410A08FF4CD2A88EA7507474B9D3946D6;PATH=/;MAX-AGE=300
Set-Cookie: AWSELBCORS=AB4B2D5502B0DA2641BBD4D8EA0C9F10C97F04544992D653517E15789695C48AC4AA394CAD54256DA8FC0F7BC1000E5113A867A31410A08FF4CD2A88EA7507474B9D3946D6;PATH=/;MAX-AGE=300;SECURE;SAMESITE=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Length: 2714
Connection: keep-alive

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:64:29:5d:7f:2e:6a:29:2e:77:98:ab:08:88:33:f7
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Jul 25 00:00:00 2024 GMT
            Not After : Jul 25 23:59:59 2025 GMT
        Subject: C=US, ST=California, L=Palo Alto, O=Broadcom Inc., CN=cbcloud.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e5:80:a7:80:74:92:1f:50:22:17:5a:92:33:a4:
                    5a:05:3e:d8:cd:44:ac:4c:a2:d8:98:ba:16:ed:75:
                    07:ea:34:44:49:32:4a:6c:2f:e2:db:be:77:7c:cf:
                    59:36:5d:67:13:52:79:a8:6c:9a:80:02:af:0d:d6:
                    a6:ba:0c:37:16:c3:a1:96:4c:6a:e7:1c:28:26:05:
                    a4:72:b0:68:9f:c1:43:e9:e3:00:71:46:75:0d:08:
                    63:1e:12:8e:5f:bf:ed:13:37:31:60:c6:e2:c5:ca:
                    5f:7f:bf:12:58:4b:2e:ac:35:b3:23:48:de:39:0e:
                    11:9f:bb:81:eb:91:20:1e:b6:f6:b4:62:ee:52:0f:
                    32:b1:0a:d7:49:b7:c7:8e:50:31:29:e1:b3:6f:22:
                    4b:b3:43:65:5c:e3:fa:93:cb:10:1a:a5:eb:86:82:
                    fd:28:55:23:e0:8f:3b:76:a9:e1:ab:3e:48:8b:be:
                    83:73:59:2d:6b:7c:dc:b2:a2:6d:d2:37:85:b9:22:
                    6c:f2:e9:76:ee:4c:e1:b0:c5:e1:2a:3b:3a:11:11:
                    88:0f:d4:30:f1:6c:13:a8:aa:54:dd:3a:46:7e:ee:
                    e4:71:ca:28:0f:7c:82:8a:e7:69:41:4a:44:c9:28:
                    a2:15:e4:9d:47:d3:ea:f5:bd:9b:bc:35:c0:3f:88:
                    59:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
            X509v3 Subject Key Identifier: 
                9B:F5:8E:99:6F:0D:50:DD:19:DE:07:47:BF:1C:A5:B5:71:DF:DB:90
            X509v3 Subject Alternative Name: 
                DNS:cbcloud.de, DNS:shib.cbcloud.de, DNS:health.cbcloud.de
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
                                F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
                    Timestamp : Jul 25 00:08:29.365 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:DE:23:3B:91:B5:79:37:1C:87:71:0D:
                                04:11:BA:08:11:E2:29:43:CD:5B:18:68:9F:63:6F:0C:
                                4F:63:1C:AD:D8:02:20:63:FE:EF:94:86:3C:D9:6E:A5:
                                3B:61:70:A4:62:22:7C:9F:A0:8D:8C:B2:D4:9E:11:23:
                                84:BA:EA:BE:D5:DF:16
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
                                D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
                    Timestamp : Jul 25 00:08:29.371 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:98:6F:A6:E9:41:0E:D5:5E:B0:F8:F2:
                                73:4A:60:BF:26:AF:1F:1D:B7:9B:40:FA:2F:8E:44:ED:
                                DD:C0:36:95:6F:02:21:00:FC:EB:90:62:29:2C:5A:0A:
                                8D:7C:87:77:63:24:D0:44:DE:F9:E5:63:E6:09:92:B7:
                                F5:BC:06:A4:26:54:AD:BB
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Jul 25 00:08:29.333 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:46:60:BC:58:1B:98:8B:33:25:9D:05:8D:
                                F8:DF:8A:6A:7E:9C:6F:E0:A8:8A:48:6B:94:AC:22:4B:
                                B5:9D:6D:F0:02:20:77:8F:05:B2:AB:6A:05:CA:EB:6F:
                                6C:04:27:D9:CE:75:01:93:D6:D6:00:CA:89:86:A3:47:
                                49:06:04:33:D8:EA
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        25:6b:d2:42:bd:66:49:b5:a0:73:ea:0e:01:9d:9a:83:21:30:
        0a:44:32:9d:b2:00:d3:fd:a5:53:9c:19:f0:48:5d:c9:53:57:
        e7:1c:8f:11:67:b1:2d:60:e1:36:91:e4:04:5f:69:31:30:0d:
        84:c3:77:43:fc:16:34:d0:c0:cc:28:2f:15:71:4b:58:51:09:
        0c:b5:ca:9f:d5:38:69:03:77:39:21:d9:8c:76:b4:63:1f:3c:
        f9:57:3a:ad:5c:7e:54:4e:00:69:68:2f:52:15:e7:2e:bd:6d:
        57:7e:5f:b7:a3:fd:87:55:e8:c0:a3:73:36:49:2e:9a:70:1a:
        3d:f8:2a:bb:f6:68:49:bc:e4:ec:6b:01:c9:b1:ab:a4:48:09:
        92:ec:08:64:f0:38:ff:37:d3:98:eb:c5:34:39:4e:01:36:2d:
        21:d3:a0:4d:5d:c5:c9:33:5f:5e:e1:ee:4b:ad:7e:c0:d3:6d:
        d3:3d:4e:8f:95:e1:18:09:85:aa:41:ee:c8:16:dd:d7:76:9f:
        0a:13:25:14:2b:4f:94:76:35:c4:30:09:3c:f1:39:21:3c:a0:
        5a:10:c4:1f:c9:30:30:b8:10:c2:e7:f8:36:fc:6b:7c:0f:de:
        3e:0c:ce:c6:47:b2:d4:6c:b7:99:44:02:db:34:08:83:25:12:
        b5:24:b8:fa

Vulnerabilities

2 4

18.157.112.139

Last Seen: 2025-03-22

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

772258679 | 2025-03-18T19:45:18.334702

Hashes

nginx1.20.1

443 / tcp

-802868296 | 2025-03-22T09:55:21.884230

Hashes

nginx1.20.1

Products

Pricing

Contact Us

18.157.112.139

Last Seen: 2025-03-22

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

80 / tcp 772258679 | 2025-03-18T19:45:18.334702

Hashes

nginx1.20.1

443 / tcp -802868296 | 2025-03-22T09:55:21.884230

Hashes

nginx1.20.1

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

772258679 | 2025-03-18T19:45:18.334702

443 / tcp

-802868296 | 2025-03-22T09:55:21.884230