1. Introduction
Novi Survey Detection indicates that the Novi Survey web application is running on a remote host. This means an external-facing survey tool is present, potentially exposing data submitted through it to attackers. Affected systems are typically those hosting public websites or internal applications with user input forms. A successful exploit could lead to information disclosure and potential modification of survey content, impacting confidentiality, integrity, and availability.
2. Technical Explanation
Novi Survey is a web application used for creating and managing online surveys. Its presence on a host indicates the service is accessible, potentially allowing remote attackers to interact with it. There is no known CVE associated with this detection at present. An attacker could attempt to exploit vulnerabilities within the Novi Survey application itself, such as cross-site scripting (XSS) or SQL injection, if they exist. Affected systems are those running a vulnerable version of the Novi Survey web application.
- Root cause: The presence of the Novi Survey application on an accessible host.
- Exploit mechanism: An attacker could attempt to exploit known vulnerabilities in the Novi Survey software through malicious input or requests.
- Scope: Systems running any version of the Novi Survey web application are potentially affected.
3. Detection and Assessment
Confirming the presence of Novi Survey is the first step in assessing risk. You can quickly check by accessing the application through a web browser, or using network scanning tools.
- Quick checks: Access the host’s web server via a browser and look for Novi Survey branding or login pages.
- Scanning: Nessus plugin ID 168375 can detect the presence of Novi Survey. This is an example only, and may require updating.
- Logs and evidence: Web server access logs may show requests to directories associated with Novi Survey (e.g., /novisurvey/).
```sh
curl -I http://[target_host]/novisurvey/
```
4. Solution / Remediation Steps
The primary solution is to remove the application if it’s not required, or update it to the latest version. These steps assume a standard web server setup.
4.1 Preparation
- Ensure you have access to the web server’s file system and configuration files. A roll back plan involves restoring the backed-up configuration.
- A change window may be required depending on the impact of stopping the web service. Approval from the application owner is recommended.
4.2 Implementation
- Step 1: Stop the web server service (e.g., `sudo systemctl stop apache2`).
- Step 2: Remove the Novi Survey installation directory and associated files (e.g., `sudo rm -rf /var/www/html/novisurvey/`).
- Step 3: Review web server configuration to remove any references to Novi Survey.
- Step 4: Restart the web server service (e.g., `sudo systemctl start apache2`).
4.3 Config or Code Example
Before
```apache
# Apache configuration example
Alias /novisurvey /var/www/html/novisurvey/
<Directory /var/www/html/novisurvey/>
    Require all granted
</Directory>
```
After
```apache
# Apache configuration example - Novi Survey removed
# No alias or directory block for /novisurvey/ exists.
```
4.4 Security Practices Relevant to This Vulnerability
Several security practices can help prevent this type of issue. Least privilege limits the impact if an application is compromised, and regular patching ensures known vulnerabilities are addressed.
- Practice 1: Least privilege – restrict access to web server files and configuration to only authorized personnel.
- Practice 2: Patch cadence – implement a regular schedule for updating all software on servers, including web applications.
4.5 Automation (Optional)
If using infrastructure-as-code tools like Ansible, you can automate the removal of the Novi Survey directory and configuration changes.
```yaml
# Example Ansible tasks to remove Novi Survey
- name: Remove Novi Survey installation
  file:
    path: /var/www/html/novisurvey/
    state: absent
  become: true

# This removes only the Alias line; the matching <Directory> block
# must be removed separately.
- name: Remove Novi Survey alias from Apache configuration
  lineinfile:
    path: /etc/apache2/sites-available/000-default.conf # Adjust path as needed
    regexp: '^Alias /novisurvey'
    state: absent
  become: true
  # Requires a handler named "Restart Apache" to be defined in the play.
  notify: Restart Apache
```
5. Verification / Validation
Confirm the removal of Novi Survey by checking for its presence in a web browser and verifying that related configuration entries are gone.
- Post-fix check: Access `http://[target_host]/novisurvey/` in a web browser. Expect to see a 404 error or similar “not found” message.
- Re-test: Re-run the curl command from section 3 and confirm it returns a 404 error.
- Smoke test: Verify that other web applications hosted on the server are still functioning correctly.
- Monitoring: Monitor web server access logs for any unexpected requests to `/novisurvey/`. This is an example, adjust as needed.
```sh
curl -I http://[target_host]/novisurvey/
```
6. Preventive Measures and Monitoring
- Baselines: Update a server security baseline to explicitly disallow the installation of Novi Survey, if it is not an approved application.
- Pipelines: Add checks in your CI/CD pipeline to scan for unexpected files or directories on servers during deployment (for example, using file integrity monitoring).
- Asset and patch process: Implement a regular review cycle for server configurations and installed software.
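The access-log monitoring suggested in sections 3 and 5 can be scripted. The following is an added example, not part of the original page: it assumes Apache common/combined log format, and the function names, sample log lines and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an access log for requests under /novisurvey/ after removal.
# Assumes Apache common/combined log format ($1 client, $7 path, $9 status).

# awk helper: true if the request path is the prefix itself or lies below it.
# Give the prefix in lowercase; the path is lowercased to catch case variants.
NOVI_AWK_FN='function under(path, p) {
    path = tolower(path)
    return path == p || index(path, p "/") == 1 || index(path, p "?") == 1
}'

# Print "<status> <count>" per status code for hits under the prefix.
novi_hits_by_status() {
    awk -v p="${2:-/novisurvey}" "$NOVI_AWK_FN"'
        $9 ~ /^[0-9][0-9][0-9]$/ && under($7, p) { n[$9]++ }
        END { for (s in n) print s, n[s] }' "$1" | sort
}

# Print "<client> <status> <path>" for hits answered with 2xx/3xx, which means
# the application or a leftover alias is still served. Returns 1 if any exist.
novi_still_served() {
    awk -v p="${2:-/novisurvey}" "$NOVI_AWK_FN"'
        $9 ~ /^[23][0-9][0-9]$/ && under($7, p) { print $1, $9, $7; found = 1 }
        END { exit found ? 1 : 0 }' "$1"
}

# Constructed sample log (documentation IP ranges, made-up paths).
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET /novisurvey/ HTTP/1.1" 404 196 "-" "curl/8.0"
203.0.113.10 - - [01/Mar/2024:10:00:05 +0000] "GET /NoviSurvey/other HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:02:11 +0000] "GET /novisurvey/page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Mar/2024:10:03:00 +0000] "-" 408 0 "-" "-"
192.0.2.44 - - [01/Mar/2024:10:03:09 +0000] "GET /novisurveyor/ HTTP/1.1" 200 10 "-" "-"
EOF
}

# Report on a real log when a path is given as the first argument.
if [ "$#" -gt 0 ]; then
    novi_hits_by_status "$1"
    novi_still_served "$1" || echo "WARNING: /novisurvey/ is still being answered" >&2
fi
```

A site-wide redirect (for example HTTP to HTTPS) also produces 3xx responses for `/novisurvey/`, so confirm such hits against the HTTPS virtual host's log before treating them as a failed removal.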
7. Risks, Side Effects, and Roll Back
- Roll back: Restore the backed-up web server configuration and files. Restart the web service.
8. References and Resources
- Vendor advisory or bulletin: https://novisurvey.net