uWSGI is a web application server that implements protocols such as WSGI, uwsgi and HTTP, and supports various languages through plugins.
uWSGI allows the back-end web application to be configured dynamically through magic variables carried in the uwsgi protocol. If the uWSGI port is exposed, an attacker can construct uwsgi packets that set the magic variable UWSGI_FILE and use the exec:// protocol to execute arbitrary commands.
It was confirmed that the uWSGI port 8000 is publicly accessible.
- The uWSGI port should not be publicly accessible. uWSGI should be configured to listen only on the local interface (127.0.0.1).
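
One way to check for this exposure in configuration review, as an added example that is not part of the original finding: a small auditor that flags uwsgi-protocol listeners bound to anything other than loopback or a UNIX socket. The function names and the sample ini text are constructed for illustration, and only the `socket` and `uwsgi-socket` options are inspected.

```python
import ipaddress

# uWSGI options that open a listener speaking the uwsgi protocol.
UWSGI_PROTO_KEYS = {"socket", "uwsgi-socket"}

# Constructed sample configuration (not taken from the assessed host).
SAMPLE_INI = """\
[uwsgi]
module = app:application
socket = 0.0.0.0:8000
uwsgi-socket = 127.0.0.1:8001
socket = /run/uwsgi/app.sock
socket = :8002
"""

def classify_bind(value):
    """Return 'unix', 'loopback' or 'exposed' for a uWSGI socket value."""
    value = value.strip()
    if ":" not in value or value.startswith(("/", "@")):
        return "unix"  # filesystem or abstract UNIX socket, no TCP listener
    host, _, _port = value.rpartition(":")
    host = host.strip("[]")  # allow bracketed IPv6 literals
    if host == "":
        return "exposed"  # ':8000' binds every interface
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "exposed"
    except ValueError:
        return "exposed"  # other hostnames: treat as exposed until reviewed

def audit_uwsgi_ini(text):
    """Return (line number, option, value) for each non-loopback TCP bind."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() in UWSGI_PROTO_KEYS and classify_bind(value) == "exposed":
            findings.append((lineno, key.strip(), value.strip()))
    return findings

if __name__ == "__main__":
    for lineno, key, value in audit_uwsgi_ini(SAMPLE_INI):
        print(f"line {lineno}: {key} = {value} is reachable beyond loopback")
```

A clean configuration file does not rule out exposure through command-line options or port forwarding, so the result should be confirmed against the listening sockets on the host.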