Enabled default configuration
Description
The servers default page is enabled, which allows an attacker to access it and obtain relevant technical information about the server.
Impact
Obtain technical information from the application that can be used to augment the attack vector.
Recommendation
Disable or modify the servers default page in such a way that no information can be obtained from it.
Threat
Anonymous attacker from Internet.
Expected Remediation Time
⏱️ 15 minutes.
Requirements
266 - Disable insecure functionalitiesScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N