Technical information leak - Content response
Description
It is possible to obtain technical information such as: - System component versions (HTTP headers, service banner, etc.) - Specific information about the configuration of server components (php.ini, web.config)
Impact
Gather technical information to craft new attack vectors.
Recommendation
Remove web services and files that exposes technical information.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N