All Applicable Server Misconfigurations
This API provides the comprehensive list of all server misconfigurations.
- Functionality: Fetch the list of server misconfigurations.
- HTTP Method: GET
- API URI: /dcapi/threats/servermisconfigurations
- Scope: DesktopCentralCloud.VulnerabilityMgmt.READ
- Filters
  - hardeningname={String}: Filters web server misconfigurations that contain the provided hardening name.
  - description={String}: Filters web server misconfigurations that contain the provided hardening description.
  - resolution={String}: Filters web server misconfigurations that contain the provided hardening resolution.
  - hardeningid={Numeric}: Filters web server misconfigurations based on the hardening ID provided.
  - category={String}: Filters web server misconfigurations based on the category provided.
  - os_platform_name={String}: Filters web server misconfigurations based on the platform provided.
  - severity={String}: Filters web server misconfigurations based on the severity provided.
  - updated_time={Numeric}: Filters web server misconfigurations based on the updated time provided.
  - published_time={Numeric}: Filters web server misconfigurations based on the published time provided.
- Display preferences
  - page={Numeric}: Displays the content of the provided page number.
  - pageLimit={Numeric}: Displays the provided number of server misconfiguration details per page.
Response Data
{
  "metadata": {
    "pageLimit": 30,
    "totalRecords": "2",
    "totalPages": 1,
    "links": {
      "next": null,
      "prev": null
    },
    "page": 1
  },
  "response_code": 200,
  "message_type": "servermisconfigurations",
  "message_response": {
    "servermisconfigurations": [
      {
        "os_platform_name": "Windows",
        "severity": "Moderate",
        "updated_time": "1540475593000",
        "affected_systems": 1,
        "published_time": "1540475595000",
        "hardeningid": "55",
        "description": "You can mitigate most of the common Cross Site Scripting attack using HttpOnly and Secure flag in a cookie. Without having HttpOnly and Secure, it is possible to steal or manipulate web application session and cookies and it's dangerous.",
        "hardeningname": "Set cookie with HttpOnly and Secure flag",
        "category": "Session hijacking",
        "resolution": "Check the HTTP header if the cookies contain HTTPOnly and Secure flag"
      },
      {
        "os_platform_name": "Windows",
        "severity": "Info",
        "updated_time": "1540475593000",
        "affected_systems": 1,
        "published_time": "1540475595000",
        "hardeningid": "111",
        "description": "The default installation of Tomcat includes connectors with default settings. These are traditionally set up for convenience, but may lead to security exposure. If you're using an application bundled with this web server, contact the application vendor to obtain the details of necessary connectors, and remove the connectors that are unused",
        "hardeningname": "Verify TomCat XML for unused connectors",
        "category": "Default Contents",
        "resolution": "Remove or comment each unused Connector in $CATALINA_HOME/conf/server.xml."
      }
    ]
  },
  "status": "success"
}
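Example client-side handling (added here, not vendor code): the sketch below builds the request URL from the documented filters, converts the string-encoded numerics in the response (totalRecords, hardeningid, the time fields) and walks the pages using metadata. The function names, the caller-supplied get(url) transport (which must handle the base URL's authentication for the scope above) and the reading of the time fields as epoch milliseconds are assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlencode

API_PATH = "/dcapi/threats/servermisconfigurations"
# Filter and display parameters listed on this page; anything else is rejected.
ALLOWED = {"hardeningname", "description", "resolution", "hardeningid", "category",
           "os_platform_name", "severity", "updated_time", "published_time",
           "page", "pageLimit"}

# Constructed sample: the page's Response Data, trimmed to the fields parsed below.
SAMPLE = json.dumps({
    "metadata": {"pageLimit": 30, "totalRecords": "2", "totalPages": 1, "page": 1},
    "response_code": 200, "status": "success",
    "message_response": {"servermisconfigurations": [
        {"severity": "Moderate", "hardeningid": "55", "updated_time": "1540475593000",
         "affected_systems": 1, "hardeningname": "Set cookie with HttpOnly and Secure flag"},
        {"severity": "Info", "hardeningid": "111", "updated_time": "1540475593000",
         "affected_systems": 1, "hardeningname": "Verify TomCat XML for unused connectors"}]}})

def build_url(base_url, **params):
    """Build the GET URL, refusing parameters the page does not document."""
    unknown = set(params) - ALLOWED
    if unknown:
        raise ValueError(f"undocumented parameter(s): {sorted(unknown)}")
    query = urlencode(sorted(params.items()))
    return base_url.rstrip("/") + API_PATH + ("?" + query if query else "")

def parse_page(body):
    """Return (items, total_records, has_next) with string numerics converted."""
    doc = json.loads(body)
    if doc.get("status") != "success" or doc.get("response_code") != 200:
        raise RuntimeError(f"API error: response_code={doc.get('response_code')}")
    meta = doc["metadata"]
    items = [{
        "id": int(m["hardeningid"]), "name": m["hardeningname"],
        "severity": m["severity"], "affected_systems": int(m["affected_systems"]),
        # Assumption: the time fields are epoch milliseconds.
        "updated": datetime.fromtimestamp(int(m["updated_time"]) / 1000, tz=timezone.utc),
    } for m in doc["message_response"]["servermisconfigurations"]]
    return items, int(meta["totalRecords"]), int(meta["page"]) < int(meta["totalPages"])

def fetch_all(get, base_url, **filters):  # get: caller-supplied function(url) -> body text
    page, out, more = 1, [], True
    while more:
        items, _, more = parse_page(get(build_url(base_url, page=page, **filters)))
        out.extend(items)
        page += 1
    return out
```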