Bug #93

closed

Feature #65: Security Audit

[Security Audit] 28- Technology/Version Disclosure

Added by Kalyan Battula about 1 year ago. Updated 7 months ago.

Status: Closed
Priority: Low
Assignee: Uday Kumar Dara
Category: -
Target version:
Start date: 17/04/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

28- Technology/Version Disclosure
CWE : CWE-200
Description :
The HTTP responses returned by this web application include a header named server.
The value of this header is used to determine which version of server technology or
framework is in use. It is not necessary for production sites and should be disabled.
Affected Path(s) :
/(WebServer)
Impact :
The HTTP header may disclose sensitive information. This information can be used to
launch further attacks.
Recommendation :
It is recommended to implement generic error messages and remove the version
information in response headers.
Evidence/Proof Of Concept :
Step 1: Technology version disclosed as shown in the screenshot below.


Files

clipboard-202404171611-bad4b.png (91.4 KB), Kalyan Battula, 17/04/2024 04:11 PM
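A regression check for this finding, as an added example that is not part of the ticket or the project's code: it parses the `Server` header named above and flags version tokens and platform comments, and goes beyond the ticket by also covering other common banner headers. The sample responses and the header list are constructed assumptions, since the ticket does not state which server product is in use.

```python
import re
from email.parser import Parser

# Banner headers to audit. The ticket names only "server"; the rest are an
# added generalization (assumption, not from the ticket).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# RFC 9110 product token: name, optionally followed by "/version".
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
COMMENT = re.compile(r"\(([^()]*)\)")

# Constructed sample responses (not taken from the ticket's screenshot).
BEFORE = ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
          "X-Powered-By: PHP/7.4.3\r\nContent-Type: text/html\r\n\r\n<html></html>")
AFTER = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html></html>"


def parse_headers(raw_response: str):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, header_block = head.partition("\n")
    return Parser().parsestr(header_block, headersonly=True).items()


def find_disclosures(raw_response: str):
    """List (header, detail) findings where a banner header reveals a version."""
    findings = []
    for name, value in parse_headers(raw_response):
        if name.lower() not in BANNER_HEADERS:
            continue
        # Parenthesised comments usually carry OS or build details.
        for comment in COMMENT.findall(value):
            findings.append((name, f"comment '{comment}' reveals platform detail"))
        # Product tokens: flag "name/version" and bare version numbers.
        for product, version in PRODUCT.findall(COMMENT.sub(" ", value)):
            if version or re.fullmatch(r"\d+(\.\d+)+", product):
                banner = f"{product}/{version}" if version else product
                findings.append((name, f"version exposed: {banner}"))
    return findings


if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        print(label, find_disclosures(response))
```

An empty result for the live response headers is the condition to verify before moving a finding like this from Resolved to Closed.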
#1

Updated by Vasudev Mamidi 12 months ago

  • Status changed from New to Resolved
#2

Updated by Vasudev Mamidi 12 months ago

  • Assignee set to Uday Kumar Dara
#3

Updated by Sivakanth Kesiraju 12 months ago

  • Target version set to Sprint 1 (29th April - 3rd May)
#4

Updated by Sivakanth Kesiraju 12 months ago

  • Target version changed from Sprint 1 (29th April - 3rd May) to Security Audit
#5

Updated by Gautam Kumar 7 months ago

  • Status changed from Resolved to Closed