Generic Map Nomatch
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP PC-C3 CWE-119 WASC-13
Generic Map Nomatch is an identifier used by many products, services and databases to specify if a vulnerable doesn’t map to its CVE. This can be due to:-
- Non-existing public CVE
- The element might not match criteria for CVE
- The developer has not mapped the bug yet
Virtual Programming’s VP-ASP Shopping Cart Default Configuration May Disclose Internal Database to Remote Users. This information includes user details, credit card details etc.
The impact include:-
- Possible data breach
- Possible leakage and/or manipulation of sensitive information
Mitigation / Precaution
This vulnerability can be fixed by:-
- Making sure that the web server does not send out response headers that reveal information about the backend technology type or version.
- Making sure that all the services running on the server’s open ports do not reveal information about their builds and versions.