Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[appserver-io/webserver] Hide sensitive header vars #959

Open
wick-ed opened this issue Feb 25, 2016 · 0 comments
Open

[appserver-io/webserver] Hide sensitive header vars #959

wick-ed opened this issue Feb 25, 2016 · 0 comments
Labels
enhancement security

Comments

@wick-ed
Copy link
Member

wick-ed commented Feb 25, 2016

appserver.io per default exposes information which can be used against it. This can be considered a light information leakage vulnerability as a potential attacker can use the exposed information to tailor an attack.
An example is the Server header field which per default contains the appserver AND the used PHP version.
This can be used to simply look up known vulnerabilities for both.

UAC:

  • There MUST NOT be default exposure of information which can be directly linked to known vulnerabilties
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wick-ed