This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 25%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Hi,
I was told that port 5985 and 47001 have following 2 vulnerabilities:
After reading the internet, I come to know these 2 ports are used by WinRM.
Can I clarify if first item is true (WinRM really supports those HTTP methods), or is it just the way the test is conducted (if you submit a request with DELETE method and don't get 405 code it does not always mean that DELETE method is supported).
As for the second item, is there a way to remove it?
Thanks a lot in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 57.99999999999999%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Hi,
WinRM is a remote management service for Windows that is installed.
As far as I know, this service authenticated services are tied to an HTTP or HTTPS SOAP listener and support Kerberos and NTLM authentication by default. In older versions of WinRM, it listens on 80 and 443 respectively. On newer versions, it listens on 5985 and 5986 respectively.
Also please refer to the link below. Then information may be helpful to you.
https://jstuyts.github.io/Secure-WinRM-Manual/server-configuration.html
Best Regards,
Carl
Hi Carl,
Appreciate your response.
I have read the link but it does not have the answer to my 2 questions.
1) What are the HTTP method that WinRM support/use, is it only GET/POST or does it include the unsafe ones like TRACE/DELETE? I don't see why WinRM needs to support those unsafe methods but it is not mentioned anywhere that it does not.
2) regarding server version is disclosed on HTTP response header (Microsoft-HTTPAPI/2.0), I have found a documented registry change that we can apply to fix the disclosure. So this is no longer an issue. As below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader
Thank you.