
This queue is for tickets about the WebService-XING CPAN distribution.

Report information
The Basics
Id: 126946
Status: open
Priority: 0/
Queue: WebService-XING

People
Owner: Nobody in particular
Requestors: mayanksingh100797 [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: VULNERABILITY REPORT
Date: Sat, 25 Aug 2018 22:22:16 +0530
To: bug-WebService-XING [...] rt.cpan.org
From: Mayank <mayanksingh100797 [...] gmail.com>
Hello sir

I have found Information disclosure vulnerability in your subdomain -> webshop.xing.com <http://hbrc.govt.nz/>

Description of the vulnerability:
The information about the version of server you are using is getting leaked, due to improperly handling 403 errors. Disclosing the web server version should be avoided as an attacker could look up vulnerabilities that pertain to that certain server version.

As W3C puts it-
Note: Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. Server implementors are encouraged to make this field a configurable option.

Steps to reproduce:
1. Go to http://webshop.xing.com/
2. Add server-status?full=true such that the URL becomes http://webshop.xing.com/server-status?full=true and click on go.

You can see that the server version is getting disclosed due to improperly handling 403 error.

Impact: (Critical)
As the server version you are using is Apache/2.4.7 (Ubuntu) Server, an attacker can exploit the existing vulnerabilities pertaining to this specific version. Your current version of Apache is vulnerable to many issues like DoS, Overflow, Sensitive Information Disclosure and Remote Code Execution.

DoS Reference:
https://www.cvedetails.com/cve/CVE-2014-3523/
https://www.cvedetails.com/cve/CVE-2014-0231/
https://www.cvedetails.com/cve/CVE-2014-0118/
https://www.cvedetails.com/cve/CVE-2014-0117/
https://www.cvedetails.com/cve/CVE-2014-0098/
https://www.cvedetails.com/cve/CVE-2013-6438/

Code Exec Reference:
https://www.cvedetails.com/cve/CVE-2014-0226/

For complete reference:
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-161847/year-2014/Apache-Http-Server-2.4.7.html

Recommendation:
You should hide server versions because the attacker can use this in evaluating security vulnerabilities in your infrastructure. Some SQL Injector that uses error based technique can use the version information to know the right syntax for the injection attack. Moreover, use custom 403/404 error pages. It is important not to disclose the versions.

OWASP reference:
https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint

I suggest you fix this vulnerability as soon as possible. Looking forward to hearing from you.

PFA

Warm Regards
Mayank
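Added example, not part of the original report or of the WebService-XING project: a check a server operator can run over their own responses to see whether the version banner described in the report is exposed, either in the Server header or in Apache's default error-page footer. The sample responses and the host shop.example.test are constructed; the banner string is the one quoted in the report.

```python
import re

# Product/version token such as "Apache/2.4.7"; a bare "Apache" does not match.
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
# Footer Apache appends to its default error pages while ServerSignature is On.
SIGNATURE = re.compile(r"<address>(.*?)</address>", re.I | re.S)

# Constructed sample: default 403 page with full tokens and signature footer.
LEAKY_403 = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: Apache/2.4.7 (Ubuntu)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Forbidden</h1>\n<hr>\n"
    "<address>Apache/2.4.7 (Ubuntu) Server at shop.example.test Port 80</address>\n"
    "</body></html>"
)

# Constructed sample: same request after "ServerTokens Prod",
# "ServerSignature Off" and a custom ErrorDocument for 403.
HARDENED_403 = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Access denied</h1></body></html>"
)


def audit_response(raw: str) -> list[str]:
    """Return one finding per place a product/version banner is exposed."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line (HTTP/1.1 ...)
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            match = VERSION_TOKEN.search(value)
            if match:
                findings.append(f"header Server: {match.group(0)}")
    for footer in SIGNATURE.findall(body):
        match = VERSION_TOKEN.search(footer)
        if match:
            findings.append(f"error-page footer: {match.group(0)}")
    return findings


if __name__ == "__main__":
    for label, raw in (("default", LEAKY_403), ("hardened", HARDENED_403)):
        print(label, audit_response(raw) or "no version banner found")
```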


On 2018-08-25 09:52:43, mayanksingh100797@gmail.com wrote:
> Hello sir
>
> I have found Information disclosure vulnerability in your subdomain
> ->
> webshop.xing.com <http://hbrc.govt.nz/>
This is not the right issue queue for this.