308 – Enabled default configuration

Description

The servers default page is enabled, which allows an attacker to access it and obtain relevant technical information about the server.

Impact

Obtain technical information from the application that can be used to augment the attack vector.

Recommendation

Disable or modify the servers default page in such a way that no information can be obtained from it.

Threat

Anonymous attacker from Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 266 - Disable insecure functionalities

Fixes

• Csharp
• Dart
• Go
• Java
• Php
• Ruby
• Scala
• Typescript

Last updated

2024/02/19