290 – Technical information leak - IPs

Description

The web server exposes their internal IP through the web page response.

Impact

Obtain the internal IP of the server.

Recommendation

Remove web services that expose technical information.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 077 - Avoid disclosing technical information
• 176 - Restrict system objects

Fixes

• Csharp
• Elixir
• Go
• Java
• Php
• Ruby
• Scala

Last updated

2024/02/19