Description

Application errors or warning messages may disclose sensitive information about an application's internal workings to an attacker.

Acunetix found the web server version number and a list of modules enabled on the target server. Consult the 'Attack details' section for more information about the affected page.

Remediation

Properly configure the web server not to disclose information about an application's internal workings to the user. Consult the 'Web references' section for more information.

References

Custom Error Responses (Apache HTTP Server)

server_tokens (Nginx)

Remove Unwanted HTTP Response Headers (Microsoft IIS)

Related Vulnerabilities

Directory listings

WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)

WordPress Plugin Simple File List Arbitrary File Download (3.2.7)

Possible username or password disclosure

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure