Description

The web application exposes Node.js Debugger port. It's not recommended to have Node.js Debugger service publicly accessible as the debugger has full access to the Node.js execution environment and an attacker may be able to execute arbitrary javascript code.

Remediation

Disable Debugger or restrict access to it

References

Debugging Guide

Related Vulnerabilities

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5554)

Spring Boot Actuator v2

PHP register_globals enabled

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Code Execution