Feature #282

open

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] Technology/Version Disclosure

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status: Ready for Prod
Priority: High
Assignee: Uday Kumar Dara
Category: -
Target version:
Start date: 01/05/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

Technology/Version Disclosure
observation : Repeated
CWE : CWE-200
Description :
The HTTP responses returned by this web application include a header named server.
The value of this header is used to determine which version of server technology or
framework is in use. It is not necessary for production sites and should be disabled.
Affected Path(s) :
/(WebServer)
Impact :
The HTTP header may disclose sensitive information. This information can be used to
launch further attacks.
Evidence/Proof Of Concept :
Step 1: Technology version disclosed as shown in the screenshot below.

Step 2: Technology version disclosed as shown in the screenshot below.

Recommendation :
It is recommended to implement generic error messages and remove the version
information in response headers.

