Description

Application errors or warning messages may disclose sensitive information about an application's internal workings to an attacker.

Acunetix found the web server version number and a list of modules enabled on the target server. Consult the 'Attack details' section for more information about the affected page.

Remediation

Properly configure the web server not to disclose information about an application's internal workings to the user. Consult the 'Web references' section for more information.

References

Custom Error Responses (Apache HTTP Server)

server_tokens (Nginx)

Remove Unwanted HTTP Response Headers (Microsoft IIS)

Related Vulnerabilities

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)

Laravel debug mode enabled (AcuSensor)

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)

JBoss Server MBean

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure