GeneralInformation

Hostnames	ec2-18-157-122-198.eu-central-1.compute.amazonaws.com metabase.morphoses.io
Domains	amazonaws.com morphoses.io
Cloud Provider	Amazon
Cloud Region	eu-central-1
Cloud Service	EC2
Country	Germany
City	Frankfurt am Main
Organization	A100 ROW GmbH
ISP	Amazon.com, Inc.
ASN	AS16509

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(2)

CVE-2024-8184

5.9There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

CVE-2024-6763

3.7Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.

OpenPorts

80 443

80 / tcp

1949896279 | 2025-02-26T12:23:56.074372

Hashes

hash

422923811

http.dom_hash

-2060582466

http.html_hash

1949896279

http.server_hash

-982608622

http.title_hash

1522695184

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Wed, 26 Feb 2025 12:23:48 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://18.157.122.198:443/

443 / tcp

1127149695 | 2025-03-14T03:49:47.658744

Hashes

hash

1744715760

http.dom_hash

-976138552

http.favicon.hash

1953726032

http.html_hash

1127149695

http.robots_hash

-377784238

http.server_hash

1984671138

http.title_hash

-330179158

Metabase

HTTP/1.1 200 OK
Date: Fri, 14 Mar 2025 03:49:47 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 14 Mar 2025 03:49:47 GMT
Strict-Transport-Security: max-age=31536000
Set-Cookie: metabase.DEVICE=9e87682e-57df-4632-b973-5828d5fa6e10; HttpOnly; Path=/; Expires=Tue, 14 Mar 2045 03:49:47 GMT; SameSite=None; Secure
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' https://maps.google.com https://accounts.google.com https://www.google-analytics.com   'sha256-9uFLu5CG8mWlvx0LK6lgendCxUX57TuWk3wkgZpBeWU=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE=' 'sha256-3N2Z+Nu++/yNMVHIl863JigVmt2Nr9gt2doEMJT2Wzk='; child-src 'self' https://accounts.google.com; style-src 'self' 'nonce-SzCpSfFqWK'   https://accounts.google.com; font-src *; img-src * 'self' data:; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com  ; manifest-src 'self';  frame-ancestors 'none';
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Server: Jetty(11.0.20)

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:0c:ad:67:bc:9d:42:ec:44:78:94:9c:9b:08:e9:65
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M03
        Validity
            Not Before: Aug 14 00:00:00 2024 GMT
            Not After : Sep 12 23:59:59 2025 GMT
        Subject: CN=metabase.morphoses.io
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b3:f0:f8:d1:a7:f8:97:6f:ff:d5:35:8f:e3:ba:
                    a9:29:6c:ae:c0:d3:9e:a5:9f:14:7b:d5:67:1e:19:
                    b3:7f:63:c8:e3:ef:a8:84:0d:04:56:bb:0f:fb:04:
                    59:17:69:9d:53:a0:a3:be:c0:d8:2b:21:b4:92:9d:
                    6c:fd:7e:30:10:ce:e1:c8:eb:49:d7:03:87:67:13:
                    97:ca:d9:fc:4a:1b:34:1e:ca:66:90:11:77:98:64:
                    88:1c:a2:a6:66:54:f0:5d:57:c4:ba:56:9d:74:66:
                    e2:ee:eb:72:d3:72:7b:08:39:94:75:b1:44:a7:0f:
                    94:21:ec:e2:2a:1a:47:1b:00:18:c2:ae:23:6e:32:
                    95:8d:bb:ff:b1:9f:b8:fb:5c:b8:ec:d5:87:1a:91:
                    a6:a5:23:0a:33:24:63:d6:e2:b2:64:94:86:d8:37:
                    0e:20:cb:7b:ae:c0:10:24:8c:3d:fa:b1:bd:ba:83:
                    3e:d9:29:fc:a7:8d:42:10:70:61:71:95:a4:85:7f:
                    77:90:90:da:0b:a4:ed:d5:82:07:bd:9e:86:58:88:
                    27:80:50:43:e6:df:47:0c:52:c7:69:95:10:6f:08:
                    96:eb:c8:8a:77:f1:86:d7:94:87:17:81:39:15:80:
                    3d:b5:ef:8c:fd:9b:9e:20:28:09:0f:c5:95:90:9a:
                    af:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                55:D9:18:5F:D2:1C:CC:01:E1:58:B4:BE:AB:D9:55:42:01:D7:2E:02
            X509v3 Subject Key Identifier: 
                07:52:1E:17:CC:D7:C8:E8:7A:43:18:40:80:07:E2:E4:05:95:7C:B4
            X509v3 Subject Alternative Name: 
                DNS:metabase.morphoses.io
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.r2m03.amazontrust.com/r2m03.crl
            Authority Information Access: 
                OCSP - URI:http://ocsp.r2m03.amazontrust.com
                CA Issuers - URI:http://crt.r2m03.amazontrust.com/r2m03.cer
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
                                F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
                    Timestamp : Aug 14 08:18:29.403 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:32:95:98:3E:00:72:26:57:DE:CA:FD:F2:
                                C4:22:97:69:8B:4B:87:87:44:1F:2B:0B:22:83:A5:A4:
                                B6:7F:2D:8E:02:20:1F:63:C9:7F:78:AC:E6:41:C9:10:
                                41:9C:C9:D7:CB:61:5E:C7:7D:CE:94:0A:42:28:F3:4B:
                                64:72:AE:E4:72:2F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
                                87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
                    Timestamp : Aug 14 08:18:29.337 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:A1:08:A5:35:4D:D7:5C:70:6D:A6:39:
                                66:70:A2:F6:C1:CD:80:4A:FA:95:9B:BE:76:05:D0:AC:
                                5E:A2:67:6C:AB:02:20:61:C0:54:07:2C:A9:B5:89:2B:
                                8C:DF:9A:9C:9D:D4:C7:8C:C0:61:3D:0E:91:94:47:13:
                                81:0D:64:EA:DD:DA:64
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
                                D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
                    Timestamp : Aug 14 08:18:29.358 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:6C:EE:A4:68:4F:CB:CD:77:B3:62:3C:7B:
                                C2:07:5E:2F:BB:AB:73:B5:FA:18:D8:AC:F1:BD:B2:BC:
                                CE:75:D1:1F:02:20:63:AE:98:4E:E1:F9:8D:05:E7:F8:
                                11:B1:75:8A:FB:36:46:2A:00:1D:12:9F:A7:21:5D:96:
                                B6:60:09:90:B1:3C
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        51:c3:de:30:aa:e0:0a:0c:29:c8:97:a5:0f:d2:d9:9d:a0:8e:
        5d:01:3b:60:e2:38:66:11:e5:8c:0e:65:f1:9f:95:e3:ff:45:
        2d:8b:58:63:2a:23:f2:c9:23:23:b8:5e:e6:94:3c:39:18:87:
        0f:da:e3:db:c7:b7:a7:04:45:98:dd:3c:df:8e:70:ad:04:5c:
        da:7d:3b:d6:29:77:61:8c:f2:b2:99:a9:2d:a1:bb:1a:96:99:
        c6:b2:6b:63:36:fe:2b:60:42:26:1e:56:84:41:6f:91:f9:3a:
        e0:32:c4:04:ec:a8:17:d0:5c:b2:12:ff:71:dd:10:50:9a:9a:
        e0:68:08:1b:d8:94:c2:bc:8e:32:fb:9b:dd:1f:92:71:10:8e:
        53:4f:e8:0d:c0:36:63:6a:f4:27:f5:f3:c3:95:7b:63:07:6a:
        fb:ce:8f:70:da:12:07:f0:23:e7:2f:c5:08:58:e9:e8:c5:58:
        85:8c:c3:2c:ff:00:4a:e8:06:04:49:7f:07:37:73:df:91:8b:
        84:e2:d3:51:40:19:e9:3a:f3:8e:b5:da:86:e5:ed:83:f1:9f:
        57:56:f8:5b:ff:ac:5f:d7:c1:95:ee:ff:ec:14:61:b5:ab:29:
        6b:6c:39:f0:0b:96:44:5f:23:fc:b8:66:cc:8c:5c:6b:9d:d2:
        c2:9f:c0:61

Vulnerabilities

1 1

18.157.122.198

Last Seen: 2025-03-14

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

80 / tcp

1949896279 | 2025-02-26T12:23:56.074372

Hashes

AWS ELB2.0

443 / tcp

1127149695 | 2025-03-14T03:49:47.658744

Hashes

Metabase

Products

Pricing

Contact Us

18.157.122.198

Last Seen: 2025-03-14

Tags:

GeneralInformation

Vulnerabilities All ports Port 443 Latest CVSS

OpenPorts

80 / tcp 1949896279 | 2025-02-26T12:23:56.074372

Hashes

AWS ELB2.0

443 / tcp 1127149695 | 2025-03-14T03:49:47.658744

Hashes

Metabase

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

1949896279 | 2025-02-26T12:23:56.074372

443 / tcp

1127149695 | 2025-03-14T03:49:47.658744