EN
Русский
TCP
Web
Port 8080 (HTTP Proxy)
Learn about port 8080 (HTTP Proxy) - security risks, vulnerabilities, and common uses. Find devices with port 8080 open.
Quick Info
Port Number
8080
Protocol
TCP
Service
HTTP Proxy
IANA Name
HTTP Proxy
Service Description
Port 8080 is a TCP port commonly used as an alternative to the standard HTTP port 80. While port 80 is the default for web traffic, 8080 is often employed in scenarios where the standard port is already in use (e.g., by another web server) or when running a web server as a non-root user, as binding to privileged ports (below 1024) typically requires root privileges. It's also frequently used for proxy servers and development environments.
Technically, when a client initiates an HTTP request to a server listening on port 8080, it specifies the port number in the TCP connection establishment (SYN packet). The server, configured to listen on 8080, accepts the connection and proceeds with the HTTP protocol exchange, including request headers, body, and responses. The HTTP protocol itself remains the same regardless of the port used. The primary difference is the explicit port specification required in the URL (e.g., `http://example.com:8080`). The use of 8080 allows multiple web services to coexist on a single machine without conflicting port assignments.
## Firewall Recommendations
Whether to allow or block port 8080 depends entirely on the specific use case. If a legitimate service (e.g., a web application or proxy server) needs to be accessible from outside the local network, port 8080 must be allowed through the firewall. However, opening it without proper security measures is risky. Best practices include:
* **Principle of Least Privilege:** Only allow access to port 8080 from specific IP addresses or networks that require it. Avoid a wide-open rule.
* **Regular Updates:** Keep the software running on port 8080 (e.g., web server, proxy server) up-to-date with the latest security patches.
* **Strong Authentication:** Implement strong authentication mechanisms (e.g., multi-factor authentication) for any web applications accessible through port 8080.
* **Web Application Firewall (WAF):** Use a WAF to protect against common web application attacks such as SQL injection and cross-site scripting.
* **Intrusion Detection/Prevention System (IDS/IPS):** Deploy an IDS/IPS to monitor traffic on port 8080 for suspicious activity.
* **Consider VPN:** If the service is only needed for internal use, consider using a VPN to access it instead of exposing it directly to the internet.
* **Disable Unnecessary Features:** Disable any unnecessary features or services running on the web server or proxy server. For example, if you don't need web-based administration, disable it.
* **Monitoring and Logging:** Regularly monitor logs for suspicious activity. Enable detailed logging to aid in incident response.
Technically, when a client initiates an HTTP request to a server listening on port 8080, it specifies the port number in the TCP connection establishment (SYN packet). The server, configured to listen on 8080, accepts the connection and proceeds with the HTTP protocol exchange, including request headers, body, and responses. The HTTP protocol itself remains the same regardless of the port used. The primary difference is the explicit port specification required in the URL (e.g., `http://example.com:8080`). The use of 8080 allows multiple web services to coexist on a single machine without conflicting port assignments.
## Firewall Recommendations
Whether to allow or block port 8080 depends entirely on the specific use case. If a legitimate service (e.g., a web application or proxy server) needs to be accessible from outside the local network, port 8080 must be allowed through the firewall. However, opening it without proper security measures is risky. Best practices include:
* **Principle of Least Privilege:** Only allow access to port 8080 from specific IP addresses or networks that require it. Avoid a wide-open rule.
* **Regular Updates:** Keep the software running on port 8080 (e.g., web server, proxy server) up-to-date with the latest security patches.
* **Strong Authentication:** Implement strong authentication mechanisms (e.g., multi-factor authentication) for any web applications accessible through port 8080.
* **Web Application Firewall (WAF):** Use a WAF to protect against common web application attacks such as SQL injection and cross-site scripting.
* **Intrusion Detection/Prevention System (IDS/IPS):** Deploy an IDS/IPS to monitor traffic on port 8080 for suspicious activity.
* **Consider VPN:** If the service is only needed for internal use, consider using a VPN to access it instead of exposing it directly to the internet.
* **Disable Unnecessary Features:** Disable any unnecessary features or services running on the web server or proxy server. For example, if you don't need web-based administration, disable it.
* **Monitoring and Logging:** Regularly monitor logs for suspicious activity. Enable detailed logging to aid in incident response.
Security Information
While port 8080 itself isn't inherently insecure, its common use for development and proxy servers makes it a frequent target for attackers. If a web application running on port 8080 has vulnerabilities (e.g., SQL injection, cross-site scripting), attackers can exploit these vulnerabilities to gain unauthorized access to the system. Furthermore, if a poorly configured or outdated proxy server is running on port 8080, it can be used for malicious purposes such as relaying spam, conducting DDoS attacks, or bypassing security controls. The visibility of port 8080 (especially if exposed to the internet) increases the likelihood of it being targeted by automated vulnerability scanners and exploit kits. The key risk stems from the applications and services running behind the port, not the port itself.
Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2023-46604 | Apache ActiveMQ Remote Code Execution | Critical | Apache ActiveMQ versions before 5.15.16, 5.16.7, 5.17.6, and 5.18.3 are vulnerable to remote code execution due to insecure deserialization. An attacker can exploit this vulnerability by sending a specially crafted OpenWire message to the broker, potentially gaining full control of the system. This often uses port 8080 for web console access. |
| CVE-2023-34362 | MOVEit Transfer SQL Injection Vulnerability | Critical | A SQL injection vulnerability exists in MOVEit Transfer before June 9, 2023, that could allow an unauthenticated attacker to gain unauthorized access to the database. While not directly on 8080, exploitation of MOVEit, sometimes accessed via reverse proxies on 8080, could lead to compromise. |
| CVE-2021-44228 | Log4Shell | Critical | A remote code execution vulnerability exists in Apache Log4j 2 versions 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) due to insufficient input validation. While not specific to port 8080, applications using Log4j and accessible through port 8080 are vulnerable. |
| CVE-2017-5638 | Apache Struts Remote Code Execution | Critical | A remote code execution vulnerability exists in Apache Struts 2 versions before 2.3.32 and 2.5.10.1 due to improper handling of Content-Type headers. Applications using Struts and accessible through port 8080 are vulnerable. |
Common Software
- Apache Tomcat
- Jetty
- GlassFish
- Node.js (development)
- Jenkins
- Sonatype Nexus
- Atlassian Jira
- Atlassian Confluence
- TeamCity
- Squid (sometimes)
Find devices with this port
Discover all devices with port 8080 open in any country.
Search Port 8080Find all devices with port 8080 open
ScaniteX scans millions of IPs to find devices with specific ports open. Perfect for security research and network auditing.
Start Mass Scanning