Information disclosure occurs when an application fails to adequately protect sensitive and confidential information from parties that are not supposed to access the subject matter in normal circumstances. While these flaws may not have a significant impact, they allow attackers to gather relevant system information to use later in the attack life cycle. Knowing the framework version ahead of time provides insight into how the application responds to different available payloads.
Expected behavior
Ensure that the application does not expose the versions of the technology, software, references to other servers, services, or server used in the application by removing the versions from the server response headers.
Actual behavior
Exploiting information exposure vulnerabilities allows attackers to harvest sensitive information to perform data exfiltration and even complete user account takeover. Exposed details about the application’s environment, users, or associated data (for example, pointer to another server address) could enable an attacker to find another flaw and help the attacker to mount an attack and even traverse to another internal server. Depending on the exposure, it may be possible to cause availability and integrity loss.
Version
4.2.21
Severity
Low
Environment
msi
Steps to Reproduce
Additional Environment data
No response
Screenshots/Animations
No response
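One way to verify the expected behavior is to audit a captured response head for version strings and internal server addresses. This is an added example, not code from the report or the affected project; the sample responses are constructed, and the product names and the `X-Backend-Server` header are placeholders.

```python
import ipaddress
import re

# Well-known headers that identify the server or framework.
IDENTIFYING = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# Dotted numeric token such as 1.2.3, not embedded in a longer word.
DOTTED = re.compile(r"(?<![\w.])\d+(?:\.\d+)+(?![\w.])")

def parse_headers(raw):
    """Return (name, value) pairs from a raw response head, keeping duplicates."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def is_private_ip(token):
    try:
        return ipaddress.ip_address(token).is_private
    except ValueError:
        return False  # not an IP address at all

def audit(raw):
    """Flag version numbers in identifying headers and private IPs in any header."""
    findings = []
    for name, value in parse_headers(raw):
        for token in DOTTED.findall(value):
            if name.lower() in IDENTIFYING:
                findings.append((name, "version", token))
            elif is_private_ip(token):
                findings.append((name, "internal-address", token))
    return findings

# Constructed sample responses (placeholder product and header names).
LEAKY = "\r\n".join([
    "HTTP/1.1 200 OK", "Date: Mon, 01 Jan 2024 12:00:00 GMT",
    "Server: ExampleServer/1.2.3 (ExampleOS)", "X-Powered-By: ExampleFramework/4.5.6",
    "X-Backend-Server: 10.20.30.40", "Content-Type: text/html", "", ""])
HARDENED = "\r\n".join([
    "HTTP/1.1 200 OK", "Date: Mon, 01 Jan 2024 12:00:00 GMT",
    "Server: ExampleServer", "Content-Type: text/html", "", ""])

if __name__ == "__main__":
    for finding in audit(LEAKY):
        print(finding)
```

An empty result from `audit` on a response captured after the fix indicates the version and address details are no longer present in the headers.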