362 – Technical information leak - Content response

Description

It is possible to obtain technical information such as: - System component versions (HTTP headers, service banner, etc.) - Specific information about the configuration of server components (php.ini, web.config)

Impact

Gather technical information to craft new attack vectors.

Recommendation

Remove web services and files that exposes technical information.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 077 - Avoid disclosing technical information
• 176 - Restrict system objects

Fixes

• Elixir
• Go
• Java
• Php
• Ruby
• Scala
• Typescript

Last updated

2024/02/20