GeneralInformation

Hostnames	cloud.stuckmann-kraemer.de bitwarden.stusas.de cloud.stusas.de ip-037-024-092-193.um08.pools.vodafone-ip.de
Domains	stuckmann-kraemer.de stusas.de vodafone-ip.de
Country	Germany
City	Frankfurt am Main
ISP	Vodafone GmbH
ASN	AS3209
Operating System	Ubuntu

SecurityContact

Contact	https://hackerone.com/nextcloud
Expires	2025-08-31T23:00:00.000Z
Acknowledgments	https://github.com/nextcloud/security-advisories/security/advisories
Policy	https://hackerone.com/nextcloud
Preferred-Languages	en

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2023(1)

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2021(2)

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

OpenPorts

80 443

80 / tcp

1651973090 | 2025-03-31T17:38:57.789267

Hashes

hash

-1597099677

http.dom_hash

-2049760045

http.html_hash

1651973090

http.server_hash

967792298

http.title_hash

911614014

Welcome to nginx!

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 31 Mar 2025 17:38:57 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sat, 17 Sep 2022 09:10:30 GMT
Connection: keep-alive
ETag: "63258f06-264"
Accept-Ranges: bytes

Vulnerabilities

443 / tcp

-160908982 | 2025-03-26T16:38:59.532942

Hashes

hash

469950032

http.dom_hash

1437104702

http.favicon.hash

1463428994

http.html_hash

-160908982

http.robots_hash

-1022729730

http.securitytxt_hash

-230031405

http.server_hash

967792298

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Mar 2025 16:38:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-XP6IlhaLvln1hEvGpKUmlx5oBtd8WwjaDOvFbDqG044=' 'self' cloud.stuckmann-kraemer.de 'unsafe-eval';script-src-elem 'strict-dynamic' 'nonce-XP6IlhaLvln1hEvGpKUmlx5oBtd8WwjaDOvFbDqG044=' 'self' cloud.stuckmann-kraemer.de 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: * https://*.tile.openstreetmap.org https://cloud.stuckmann-kraemer.de;font-src 'self' data:;connect-src 'self' blob: * wss://cloud.stuckmann-kraemer.de;media-src 'self';frame-src 'self' nc: https://cloud.stuckmann-kraemer.de;frame-ancestors 'self' https://cloud.stuckmann-kraemer.de;form-action 'self' https://cloud.stuckmann-kraemer.de
Feature-Policy: autoplay 'self';camera 'none';fullscreen 'self' https://cloud.stuckmann-kraemer.de;geolocation 'self';microphone 'none';payment 'none'
Referrer-Policy: no-referrer
Set-Cookie: oc_sessionPassphrase=wrG4Te7F0GJnFiX6r3oznRJu%2BNpsgF%2FwxiXKDXDYTSPa0nnJIXcCM2Cbq2%2BHCiOj10LqW89pY5gk7g50ohOIDsE7v26zVTJ3bOtZv5IoGxlcuIg1gj2aN4Osrx5bv2JE; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Set-Cookie: ocumwckzrk05=a728b30f01b0aa81f0d144f4d88508a8; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=31536000;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: v4zCvejFZEzACWh1iNQw
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:6f:dd:75:77:c3:82:1b:06:81:9c:55:2b:35:46:eb:dd:bd
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R11
        Validity
            Not Before: Mar  8 23:50:06 2025 GMT
            Not After : Jun  6 23:50:05 2025 GMT
        Subject: CN=cloud.stuckmann-kraemer.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c8:05:fa:13:7d:4f:11:f9:82:2a:29:0c:cb:4e:
                    17:43:2b:f0:4b:d0:ea:7f:60:95:c4:f2:bf:d2:28:
                    30:18:a6:cc:ef:2b:55:41:52:17:0f:f6:46:d7:b0:
                    a1:96:85:e2:76:ba:3b:ef:14:c5:59:0a:7f:4c:68:
                    4a:37:5e:3a:8a:90:da:aa:cb:e9:84:38:94:23:be:
                    9d:9a:98:d4:f6:b8:65:97:ba:b5:a3:ae:eb:f9:c6:
                    4b:32:e4:9e:29:89:c8:9c:de:ba:97:ca:4d:f3:9f:
                    3d:f8:61:c0:31:e9:a3:26:72:a7:cc:5b:3d:6b:6b:
                    70:65:5a:6f:73:7d:e6:5f:ca:28:50:53:22:fe:59:
                    5c:14:d2:36:95:46:e7:64:4d:c3:f7:6c:89:c7:4a:
                    3b:9e:f5:72:96:88:6d:cf:a4:70:50:f5:5c:e6:ef:
                    69:bb:d4:fa:38:4f:07:67:22:42:31:73:20:8d:c2:
                    9e:1a:e1:9c:d7:2c:10:41:eb:86:d6:a9:f9:d5:35:
                    26:b6:69:5a:ae:bf:d5:a3:1c:39:12:4d:11:c3:65:
                    fb:1b:17:b6:b7:93:94:8f:03:1c:f1:67:9a:bb:67:
                    4c:9d:42:3b:4e:5c:db:d1:50:43:6d:05:39:85:3d:
                    fb:e6:57:c3:94:88:64:a3:a6:9f:f2:2d:67:91:df:
                    76:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                CF:E6:BF:9F:2B:97:BB:F1:92:78:5C:C7:85:9D:7F:56:70:F3:3C:2D
            X509v3 Authority Key Identifier: 
                C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
            Authority Information Access: 
                OCSP - URI:http://r11.o.lencr.org
                CA Issuers - URI:http://r11.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:bitwarden.stusas.de, DNS:cloud.stuckmann-kraemer.de, DNS:cloud.stusas.de
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 73:20:22:0F:08:16:8A:F9:F3:C4:A6:8B:0A:B2:6A:9A:
                                4A:00:EE:F5:77:85:8A:08:4D:05:00:D4:A5:42:44:59
                    Timestamp : Mar  9 00:48:36.928 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:36:07:E0:0C:72:73:B2:C7:B5:B3:EB:30:
                                87:E5:B4:4E:9A:7F:93:3B:35:EE:F8:7D:1D:1C:D9:DC:
                                A7:6A:A5:AD:02:21:00:CC:40:84:46:C5:66:E1:73:E8:
                                7D:70:47:38:09:FC:5B:E8:90:96:03:04:4B:10:90:1E:
                                4F:FF:1B:15:82:D4:C3
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
                                1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
                    Timestamp : Mar  9 00:48:36.930 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:54:C8:73:35:4B:72:26:30:50:08:B2:BE:
                                DC:10:D6:4D:85:53:4A:0D:84:16:DD:76:84:66:26:78:
                                45:D7:1B:06:02:21:00:B2:C3:96:11:39:FD:E5:8A:4F:
                                9C:C6:F0:75:6B:5E:C9:0A:0D:B3:17:7E:9E:2B:84:15:
                                66:B8:89:DE:B5:43:A9
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4a:00:e1:39:b4:5e:00:2a:59:32:54:55:64:e1:12:66:d4:60:
        85:ba:a5:79:7b:88:41:f6:e9:5a:0d:2b:e0:98:1f:41:48:66:
        98:cd:d4:56:41:55:cb:e7:10:5d:75:cb:58:7c:27:0e:ce:fe:
        6c:6b:f3:5d:3a:24:0f:fd:10:b9:cd:7f:27:f0:70:a3:ba:4e:
        a4:18:b1:f7:6d:5e:27:ff:e2:5b:91:ea:62:f2:fc:19:04:28:
        c5:d8:91:77:cf:a4:9c:9f:68:72:a8:86:6e:62:a0:19:a3:28:
        0d:ea:c4:16:6f:b8:6a:9a:b6:36:37:9d:ef:b7:3e:83:ab:c6:
        da:e3:91:a4:af:e3:df:6f:2e:b2:b4:e9:a3:17:3b:65:0f:d7:
        b5:c9:99:04:4b:5e:65:62:7e:78:e7:9d:a7:2d:77:b6:70:59:
        89:5f:94:bb:93:6d:97:d6:20:15:cf:c5:dc:ea:d1:12:ae:8c:
        a4:69:76:ad:9f:21:67:af:ca:0a:5f:8c:66:a9:9c:f3:05:b6:
        32:ba:6d:50:ac:ca:4f:d0:3c:11:03:69:b6:ce:44:c5:aa:6b:
        d0:85:93:89:ed:fa:bd:bb:c6:c9:3b:41:df:24:25:e3:8b:e4:
        2b:8d:6a:35:40:d8:f7:92:21:c9:84:b5:3a:86:aa:83:11:d5:
        63:de:e3:c5

Vulnerabilities

37.24.92.193

Last Seen: 2025-03-31

Tags:

GeneralInformation

SecurityContact

Vulnerabilities

OpenPorts

80 / tcp

1651973090 | 2025-03-31T17:38:57.789267

Hashes

nginx1.18.0

443 / tcp

-160908982 | 2025-03-26T16:38:59.532942

Hashes

nginx1.18.0

Products

Pricing

Contact Us

37.24.92.193

Last Seen: 2025-03-31

Tags:

GeneralInformation

SecurityContact

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

80 / tcp 1651973090 | 2025-03-31T17:38:57.789267

Hashes

nginx1.18.0

443 / tcp -160908982 | 2025-03-26T16:38:59.532942

Hashes

nginx1.18.0

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

1651973090 | 2025-03-31T17:38:57.789267

443 / tcp

-160908982 | 2025-03-26T16:38:59.532942