Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Exposed Glances API" module is designed to detect misconfigurations in the Glances system monitoring tool. Glances is a cross-platform system monitoring tool written in Python. This module focuses on identifying potential vulnerabilities in the Glances API.
Severity: Low
Author: princechaddha
If a misconfiguration is detected in the Glances API, it could potentially expose sensitive system information to unauthorized users. This could lead to security breaches and compromise the integrity of the monitored system.
The "Exposed Glances API" module uses HTTP request templates and matching conditions to identify misconfigurations in the Glances API. It sends HTTP requests to the target system and checks for specific patterns in the response body.
Example HTTP request:
GET /glances.config HTTP/1.1
Host: example.com
The module's matching conditions include:
- Checking the HTTP response status code, which should be 200 (OK). - Searching for specific words in the response body, such as "title">Glances", "glances.config", and "".If all matching conditions are met, the module will report a potential misconfiguration in the Glances API.
For more information about Glances, you can visit the official Glances documentation.