TCP Web

Port 80 (HTTP)

Learn about port 80 (HTTP) - security risks, vulnerabilities, and common uses. Find devices with port 80 open.

Quick Info

Port Number

Protocol

TCP

Service

HTTP

IANA Name

HTTP

Service Description

TCP port 80 is the standard port for Hypertext Transfer Protocol (HTTP), the foundation of data communication on the World Wide Web. Originally defined in RFC 1738 in 1994, HTTP operates on top of the TCP/IP protocol suite. When a user types a URL into a web browser, the browser, acting as an HTTP client, establishes a TCP connection to the web server (typically listening on port 80) at the specified address. The client then sends an HTTP request, which includes a method (e.g., GET, POST), a path (identifying the requested resource), HTTP headers (providing metadata), and optionally a body (containing data to be sent to the server). The server processes the request and responds with an HTTP response, containing a status code (indicating success or failure), HTTP headers, and a body (containing the requested resource or an error message).

## Firewall Recommendations

Generally, port 80 should only be allowed for web servers that are intended to serve content over HTTP. However, it's strongly recommended to redirect traffic from port 80 to port 443 (HTTPS) using web server configurations. If you don't need to serve HTTP content, block port 80 entirely. When allowing port 80, implement strong security measures such as a web application firewall (WAF), intrusion detection/prevention systems (IDS/IPS), and regular security audits. Ensure that the web server and any associated applications are kept up-to-date with the latest security patches. Implement rate limiting to mitigate denial-of-service attacks. Use a reverse proxy to add an additional layer of security and control over the traffic reaching the web server.

Security Information

While HTTP itself isn't inherently a security risk, the lack of encryption makes it highly vulnerable to eavesdropping and man-in-the-middle (MITM) attacks. All data transmitted over HTTP, including sensitive information like passwords and credit card details, is sent in plaintext. Attackers can intercept this traffic and steal or modify the data. Furthermore, applications running on port 80 are susceptible to vulnerabilities such as cross-site scripting (XSS), SQL injection, and other web application attacks. Because port 80 is so widely used, it's a common target for attackers seeking to exploit vulnerabilities in web servers or applications. The fact that it's the default port also means that many administrators may overlook security hardening, making it an easier target.

Known Vulnerabilities

CVE	Name	Severity	Description
CVE-2017-15710	Apache HTTP Server mod_http2 vulnerability	High	A carefully crafted HTTP/2 request could cause the Apache HTTP Server to crash or potentially execute arbitrary code.
CVE-2017-15715	Apache HTTP Server mod_http2 vulnerability	High	A specially crafted HTTP/2 request could cause a denial of service.
CVE-2019-0211	Apache HTTP Server Privilege Escalation	Critical	A vulnerability in Apache HTTP Server allows a local user to escalate privileges to root by exploiting a race condition when processing piped log files.
CVE-2023-38124	HTTP.sys Web Server Denial of Service Vulnerability	High	A denial of service vulnerability exists in HTTP.sys when HTTP/2 is enabled.
CVE-2023-46747	Atlassian Confluence Server Web Server Request Forgery Vulnerability	Critical	An attacker can exploit a server-side request forgery (SSRF) vulnerability in Confluence Data Center and Confluence Server, allowing them to send arbitrary HTTP requests from a Confluence Server instance.