|
Port 443 Details
known port assignments and vulnerabilities
threat/application/port search:
| Port(s) |
Protocol |
Service |
Details |
Source |
| 443 |
tcp |
https |
HTTPS / SSL - encrypted web traffic, also used for VPN tunnels over HTTPS.
Apple applications that use this port: Secured websites, iTunes Store, FaceTime, MobileMe (authentication) and MobileMe Sync.
ASUS AiCloud routers file sharing service uses ports 443 and 8082. There is a vulnerability in AiCloud with firmwares prior to 3.0.4.372 , see [CVE-2013-4937]
Ubiquiti UniFi Cloud Access uses ports 443 TCP/UDP, 3478 UDP, 8883 TCP.
SoftEther VPN (Ethernet over HTTPS) uses TCP Ports 443, 992 and 5555
Ooma VoIP - uses UDP port 1194 (VPN tunnel to the Ooma servers for call/setup control), ports 49000-50000 for actual VoIP data, and ports TCP 443, UDP 514, UDP 3480
Open Mobile Alliance (OMA) Device Management uses port 443/TCP.
Cisco Webex Teams services uses these ports:
443,444,5004 TCP
53, 123, 5004, 33434-33598 UDP (SIP calls)
Syncthing listens on TCP ports 443, 22067, 22070
AnyDesk remote desktop software uses TCP ports 80, 443, 6568, 7070 (direct line connection)
Call of Duty World at War uses this port.
Trojans that use this port:
W32.Kelvir.M [Symantec-2005-040417-3944-99] (2005.04.04) - worm that spreads through MSN Messanger and drops a variant of the W32.Spybot.Worm [Symantec-2003-053013-5943-99]. Connects to IRC servers on the s.defonic2.net and s.majesticwin.com domains, and listens for commands on port 443/tcp.
eCharge Hardy Barth cPH2/cPP2 charging stations - Hard-Coded Certificate and Private Key for HTTPS Web Interface, exposed SSL private key is vulnerable to man-in-the-middle attacks against users of the web admin interface. References: [CVE-2025-48417]
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
References: [CVE-2011-3305] [BID-49954]
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
References: [CVE-2010-3036] [BID-44468] [SECUNIA-42011] [OSVDB-68927]
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.
References: [CVE-2008-0401] [BID-27387] [SECUNIA-28604]
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
References: [CVE-2012-3075]
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
References: [CVE-2013-5531]
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
References: [CVE-2013-5530]
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
References: [CVE-2016-3963]
Siemens SIMATIC S7-1200 is vulnerable to a denial of service, caused by an error when handling specially-crafted HTTPS traffic passed to TCP port 443. By sending specially-crafted packets to TCP port 443, a remote attacker could exploit this vulnerability to cause the device to go into defect mode.
References: [CVE-2014-2258] [XFDB-92059]
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.
References: [CVE-2017-6873], [BID-99473]
A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.
References: [CVE-2017-6869], [BID-99343]
A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.
References: [CVE-2018-13807], [BID-105331]
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
References: [CVE-2023-22897]
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
References: [CVE-2023-22620]
The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.
References: [CVE-2025-48417]
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.
References: [CVE-2025-30037]
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336.
References: [CVE-2025-1044]
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of the user's license expiration date. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25029.
References: [CVE-2024-7604]
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028.
References: [CVE-2024-7603], [CVE-2024-7602], [CVE-2024-7601], [CVE-2024-7600]
An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.
References: [CVE-2024-51979], [CVE-2024-51977] |
SG
|
| 443 |
udp |
games |
Port used by Google talk.
Games that use this port: Final Fantasy XI |
SG
|
| 443 |
tcp,udp |
|
Hypertext Transfer Protocol over TLS/SSL (HTTPS) (official) |
Wikipedia
|
| 443 |
tcp |
trojan |
Slapper |
Trojans
|
| 443 |
tcp |
https |
HTTP protocol over TLS SSL |
SANS
|
| 443,1024-5000,5190 |
tcp,udp |
applications |
AIM Video IM |
Portforward
|
| 80,443 |
tcp |
applications |
BarracudaDrive |
Portforward
|
| 80, 443, 1024-1124, 4711, 9960-9969, 17475, 18060, 18120, 18300, 18510, 27900, 28910, 29900 |
tcp |
applications |
Battlefield 2142 |
Portforward
|
| 80,443,3074,5223 |
tcp |
applications |
Call of Duty - World at War |
Portforward
|
| 443 |
tcp,udp |
applications |
FileTopia |
Portforward
|
| 443,13505 |
udp |
applications |
Medal of Honor Rising Sun |
Portforward
|
| 80,443,5223 |
tcp |
applications |
PlayStation Network |
Portforward
|
| 53,80,443,10070-10080 |
tcp |
applications |
Socom, Socom 2. Also uses ports 6000-6999,10070 udp |
Portforward
|
| 53,80,443,10070,10080 |
tcp |
applications |
Twisted Metal Black Online (also uses ports 6000-6999 udp) |
Portforward
|
| 443 |
tcp |
https |
secure http (SSL) |
Nmap
|
| 443 |
udp |
https |
https |
Nmap
|
| 443 |
tcp,udp |
https |
HTTP protocol over TLS/SSL |
Neophasis
|
| 443 |
tcp |
threat |
Civcat |
Bekkoame
|
| 443 |
tcp |
threat |
Tabdim |
Bekkoame
|
| 443 |
tcp |
threat |
W32.Kelvir |
Bekkoame
|
| 443 |
tcp |
threat |
W32.Kiman |
Bekkoame
|
| 443 |
tcp,udp |
https |
http protocol over TLS/SSL, modified: 2017-07-26 |
IANA
|
| 443 |
sctp |
https |
HTTPS [RFC4960] |
IANA
|
|
23 records found
Related ports: 444 992 1741 1924 3074 3075 3478 3479 4443 5223 5555 8082 8883 9443 10443 25 110 5222
|