Port 9090 Details

known port assignments and vulnerabilities

threat/application/port search:

Port(s)	Protocol	Service	Details	Source
9090	tcp	servers	Cherokee Web Server Admin Panel, Aphex Remote Packet Sniffer, SqueezeCenter control (CLI), Webwasher, Secure Web, McAfee Web Gateway - Default Proxy Port, Openfire Administration Console Linux browser-based server administration platform (Cockpit Fedora, Arch Linux, CentOS, RHEL) - listens on port 9090 tcp by default (both HTTP and HTTPS connections). Symantec Endpoint Protection Manager (SEPM) uses this port for initial HTTP communication between a remote management console and the SEPM to display the login screen. Prometheus (open-source system monitoring) uses these TCP ports: 9090 (server) 9091 (Pushgateway) 9093 (Alertmanager) 9094 (Alertmanager clustering) 9100-9563 - Prometheus Exporters See: https://github.com/prometheus/prometheus/wiki/Default-port-allocations RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. References: [CVE-2002-0781] Multiple HP Intelligent Management Center products could allow a remote attacker to execute arbitrary code on the system, caused by an error in the iNOdeMngChecker.exe component. An attacker could exploit this vulnerability to execute arbitrary code on the system with SYSTEM-level privileges. References: [XFDB-68348] SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service (defaulting running on port `9090`) reveals the command-line flags provided for debugging purposes. If a password is set via the `--grpc-preshared-key` then the key is revealed by this endpoint along with any other flags provided to the SpiceDB binary. This issue has been fixed in version 1.19.1. ### Impact All deployments abiding by the recommended best practices for production usage are NOT affected: - Authzed's SpiceDB Serverless - Authzed's SpiceDB Dedicated - SpiceDB Operator Users configuring SpiceDB via environment variables are NOT affected. Users MAY be affected if they expose their metrics port to an untrusted network and are configuring `--grpc-preshared-key` via command-line flag. ### Patches TODO ### Workarounds To workaround this issue you can do one of the following: - Configure the preshared key via an environment variable (e.g. `SPICEDB_GRPC_PRESHARED_KEY=yoursecret spicedb serve`) - Reconfigure the `--metrics-addr` flag to bind to a trusted network (e.g. `--metrics-addr=localhost:9090`) - Disable the metrics service via the flag (e.g. `--metrics-enabled=false`) - Adopt one of the recommended deployment models: [Authzed's managed services](https://authzed.com/pricing) or the [SpiceDB Operator](https://github.com/authzed/spicedb-operator) ### References - [GitHub Security Advisory issued for SpiceDB](https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6) - [Go issue #22085](https://github.com/golang/go/issues/22085) for documenting the risks of exposing pprof to the internet - [Go issue #42834](https://github.com/golang/go/issues/42834) discusses preventing pprof registration to the default serve mux - [semgrep rule go.lang.security.audit.net.pprof.pprof-debug-exposure](https://semgrep.dev/r?q=go.lang.security.audit.net.pprof) checks for a variation of this issue ### Credit We'd like to thank Amit Laish, a security researcher at GE Vernova for responsibly disclosing this vulnerability. References: [CVE-2023-29193] WebSM (IANA official)	SG
9090	udp	applications	MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. References: [CVE-2006-0360], [BID-16285], [SECUNIA-18512] ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. References: [CVE-2006-0302] [BID-16285] [SECUNIA-18511] [OSVDB-22516]	SG
9090	tcp		Openfire Administration Console (unofficial)	Wikipedia
9090	tcp		SqueezeCenter control (CLI) (unofficial)	Wikipedia
9090	tcp	trojan	Aphex's Remote Packet Sniffer	Trojans
9090	tcp	zeus-admin	Zeus admin server	SANS
9090	tcp	zeus-admin	Zeus admin server	Nmap
9090	tcp,udp	websm	WebSM	IANA

8 records found

Related ports: 2638 2812 2967 8014 8080 9091

News Glossary of Terms

Cool Links SpeedGuide Teams

SG Premium Services SG Gear Store

Registry Tweaks Broadband Tools

Downloads/Patches Broadband Hardware

SG Ports Database Security

Default Passwords User Stories

Broadband Routers Wireless

Firewalls / VPNs Software

Hardware User Reviews

Broadband Security

Editorials General

User Articles Quick Reference

Broadband Forums General Discussions

Advertising Awards

Link to us Server Statistics

Helping SG About

XML - RSS Feeds

General Links Broadband Links Networking Links

SG TCP/IP Analyzer SG TCP/IP Optimizer SG Security Scanner SG Speed Test IP Address Locator MAC Address OUI Search Network Tools Bits/Bytes Calculator RWIN/BDP Calculator DSL Speed Calculator WLAN Key Generator Hash Generator

TCP Optimizer Download TCP Optimizer Documentation

Scanned Ports Commonly Open Ports All Ports

Broadband Speed Test Test Stats Provider Stats Country Stats Mirror Stats

Cable Horror Story Cable-Modem Security Worries D-Link DFL-300 VPN Router DSL Hell Get a Cable Modem - Go to Jail ??!? (external) Intermittent Cable signal It Figures - The need for a firewall MediaOne RoadRunner - Kicking in Network adapter MAC/OUI/Brand affect latency Road Runner Security - File and Print Sharing Router speed drop solved RR Tech Support Incompetence ... Short Stories and Fixes Squirrels and rain can slow down an ADSL modem... Telefonica Incompetence, Xenophobia or Fraud? The IP That Just Wouldn\'t Stick. Wireless Networks and WEP

Belkin F5D5230 Compex NetPassage 15B D-Link DI-701 Linksys BEFSR41 Router SOHOWARE BroadGuard NBG800 WebRamp 700s ZyXEL Prestige 310 Nexland

ISB2LAN Router Review Nexland ISB-SOHO

Cayman 2E-H-W Compex NetPassage 26G Wireless Gateway Diamond HomeFree SMC Barricade 7004AWBR

ZyXEL ZyWALL 10

Tiny Software Personal Firewall v1.0 WinGate 4.1.1

Linksys Instant GigaDrive

Acer TravelMate 292 XC Laptop D-Link DI-524 Wireless Router First look at Nexland Pro 400 ADSL with Wireless Netgear RP614 Review

Bits, Bytes and Bandwidth Reference Guide Ethernet auto-sensing and auto-negotiation How to Make Network Cables How to repair TCP/IP and Winsock How to set a Wireless Router as an Access Point Internet connection Sharing Internet Data Caps compared Network Adapter Optimization Router Configuration Guide TCP Congestion Control Algorithms Comparison The TCP Window, Latency, and the Bandwidth Delay product Windows 10 Anniversary updates to TCP Wireless Antenna Guide Wireless Network Speed Tweaks WLAN Primer

General Security Guide How To Crack WEP and WPA Wireless Networks How to Secure your Wireless Network How to Stop Denial of Service (DoS) Attacks IRDP Security Vulnerability in Windows 9x Which VPN Protocol to use? Why encrypt your online traffic with VPN ?

Cable Modems Technology Overview CISCO/VALVE PowerPlay MTU, what difference does it make ? Satellite Internet - What is it ? Server Based Network Guide Tom\'s Easy Home Networking Uncapping, The makings of a Semi-Myth

How to Backup using Batch Files How to Backup using Batch Files under Windows 10 Ramdisk Guide SSD Linux Tweaks SSD Speed Tweaks Windows 2k/XP Tweaks Windows 9x Tweaks

5 Ways to Improve your Wireless Network Cable modem signal levels Cable Troubleshooting Guide Crimson Editor Difference between Routers, Switches and Hubs How DSL Internet Access Works ISPs hijack failed searches The History of DSL Internet Access Tips to improve your SNR Wi-Fi Standards Glossary Wireless Broadband service and LONG Range

ADSL VPI, VCI and Encapsulation settings BIOS Error Codes Choosing RAM Type How to turn Wireless on/off in various Laptop models Linux TCP/IP parameters reference Subnetting and IPv4 Address Classes TCP Structure - Transmission Control Protocol The TCP/IP and OSI Network Models TLD Country Code Reference UDP - User Datagram Protocol Wireless LAN Standards