037 – Technical information leak

Description

It is possible to obtain technical information such as: - System component versions (HTTP headers, service banner, etc.) - Specific information about the configuration of server components (php.ini, web.config)

Impact

Obtain technical information to create new attack vectors.

Recommendation

- Eliminate the services banner with information leakage. - Verify that HTTP headers do not display any name or version.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 077 - Avoid disclosing technical information
• 176 - Restrict system objects

Fixes

• Elixir
• Go
• Java
• Php
• Ruby
• Scala
• Typescript

Last updated

2024/02/08