Project

General

Profile

Actions
Copy link

Feature #282

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Technology/Version Disclosure

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status:
Ready for Prod
Priority:
High
Assignee:
Uday Kumar Dara
Category:
-
Target version:
Security Audit
Start date:
01/05/2024
Due date:
% Done:

0%

Estimated time:
Deployed In:
Category:

Description

Technology/Version Disclosure
observation : Repeated
CWE : CWE-200
Description :
The HTTP responses returned by this web application include a header named server.
The value of this header is used to determine which version of server technology or
framework is in use. It is not necessary for production sites and should be disabled
Affected Path(s) :
/(WebServer)
Impact :
The HTTP header may disclose sensitive information. This information can be used to
launch further attacks.
Evidence/Proof Of Concept :
Step 1: Technology version disclosed as shown in below screenshot.

Step 2: Technology version disclosed as shown in below screenshot.

Recommendation :
It is recommended to implement generic error messages and remove the version
information in response headers.

Files

Download all files
clipboard-202405011317-ygjak.png (82 KB) clipboard-202405011317-ygjak.png Kalyan Battula, 01/05/2024 01:17 PM
clipboard-202405011318-ny1bt.png (91 KB) clipboard-202405011318-ny1bt.png Kalyan Battula, 01/05/2024 01:17 PM
Actions
Copy link
 #1

Updated by Harish Beechani 12 months ago

  • Status changed from New to In Progress
  • Assignee set to Uday Kumar Dara
Actions
Copy link
 #2

Updated by Sivakanth Kesiraju 12 months ago

  • Target version set to Security Audit
Actions
Copy link
 #3

Updated by Harish Beechani 11 months ago

  • Status changed from In Progress to Resolved
Actions
Copy link
 #4

Updated by Harish Beechani 11 months ago

  • Status changed from Resolved to Ready for Prod
Actions
Copy link

Also available in: Atom PDF