Version Disclosure (OpenSSL)
Severity: Low
Summary
Netsparker identified a version disclosure (OpenSSL) in target web server's HTTP response.
This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of OpenSSL.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remediation
Configure your web server to prevent information leakage from the
SERVER header of its HTTP response.Classifications
CAPEC-170, WASC-45, OWASP 2013-A5, OWASP 2017-A6
Netsparker Security Insights
- Exposing the Public IPs of Tor Services Through SSL Certificates
- Final Nail in the Coffin of HTTP: Chrome 68 and SSL/TLS Implementation
- Netsparker's Weekly Security Roundup 2018 – Week 02
- Netsparker Cloud Updated with New Security Checks and Several Other Service Improvements
- Netsparker Desktop Updated with DROWN SSL/TLS Security Check and More
Helpful Use Cases
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Tags
