Description

Application errors or warning messages may disclose sensitive information about an application's internal workings to an attacker.

Acunetix found the web server version number and a list of modules enabled on the target server. Consult the 'Attack details' section for more information about the affected page.

Remediation

Properly configure the web server not to disclose information about an application's internal workings to the user. Consult the 'Web references' section for more information.

References

Custom Error Responses (Apache HTTP Server)

server_tokens (Nginx)

Remove Unwanted HTTP Response Headers (Microsoft IIS)

Related Vulnerabilities

WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)

Memcached Unauthorized Access Vulnerability

WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0195)

WordPress Plugin Gravity Forms Information Disclosure (2.4.8)

Severity

Info

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure