Fingerprinting Web Application Framework using HTTP headers

OWASP 2013-A5 OWASP 2017-A6 CAPEC-170

Web server fingerprinting is one of the critical task for a penetration tester. By knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing. Geting the information about the types and version of the services that uses in the web server helps to find known vuln and exploites for that services during the test. A peneration tester will store information related to how each type of web server responds to specific commands. The tester can send these commands to the web server, analyze the response, and compare it to the database of known signatures. This server is vulnerable to Fingerprinting Web Application Framework in HTTP headers. This may cause loss of sensitive information. The attacker can identify a web framework in the HTTP response header.

Impact

A tester can find any possible vulnerabilities in the application and can exploit that vulnerability to attack the system. There is a chance for major data breach.

Mitigation / Precaution

  • Correct the information leakage from headers.
  • Disable all HTTP-headers that disclose information of the technologies used.

Latest Articles