Description

The web application exposes Delve Debugger port. It's not recommended to have Delve service publicly accessible as the debugger has full access to the Go app and an attacker may be able to execute arbitrary code.

Remediation

Disable Debugger or restrict access to it

References

Delve

Related Vulnerabilities

Possible sensitive directories

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.2)

Zope Web Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-41050)

Apache Server-Info Detected

Bitrix server test script publicly accessible

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration