LUA listed by vulnerability scanners as susceptible to shutdown exploitation.
search cancel

LUA listed by vulnerability scanners as susceptible to shutdown exploitation.


Article ID: 234014


Updated On:


Endpoint Protection


During vulnerability scanning you are advised the Liveupdate Administrator is vulnerable to a Remote shutdown exploit on port 8005.   


Windows 2008-r2, Windows 2012, Windows 2016, Windows 2019, Windows 10

All Versions of Tomcat in the Liveupdate Administrator product.


The Liveupdate administrator uses a default install of Tomcat/Apache to manage file distribution to client devices.  In this default state Remote shutdown port is active but useable only on the local host itself.  Because vulnerability scanners only validate if the 'function is enabled' and not the actual configuration of the port the device is flagged as vulnerable erroneously. 


To stop vulnerability scanners from triggering on the shutdown entry in the SERVER.XML you can modify the Liveupdate Administrators SERVER.XML Shutdown port entry as follows ::

Make a Desktop COPY of the Liveupdate Administrator's SERVER.XML
Open and EDIT the Liveupdate Administrator copy of the SERVER.XML in C:\Program Files (x86)\Symantec\LiveUpdate Administrator\tomcat\conf
Find line below and alter the port within the quotes to a -1 values as seen below.

Find >
<Server port="8005" shutdown="SHUTDOWN">

Change to >
<Server port="-1" shutdown="SHUTDOWN">

This will close the port.  And the vulnerability scanner should no longer trigger on the Liveupdate Administrator.

Restart the device or restart the Liveupdate Administrator services to force the port to close. 

Source link: