Preventing Information Disclosure

By default, websites can reveal information such as development technologies and software versions. On its own these details can be fairly harmless. However, in the right hands, simple information such as the web server version could be used to perform a targeted attack and gain code execution.

One example where information disclosure regularly occurs is within HTTP response headers. There are far too many headers for me to go through so I’ll focus on just a couple, Server and X-Powered-By.

Server: Apache/2.4.50
X-Powered-By: PHP/8.1.0-dev

The server header typically reveals what type of server is in use, there are several popular web servers but the most common would be either Apache or Nginx. As you can see from the example above, the server response reveals that this is an Apache web server, specifically, version 2.4.50.

With the information extracted from this header, an attacker could use Google to search for any known exploits which target Apache version 2.4.50. After only a small amount of searching, they would find a path traversal and RCE (Remote Code Execution) exploit which exists with the common vulnerabilities and exposure code CVE-2021-41773.

Moving on to the X-Powered-By, this is a header which typically reveals what type of development technologies are in use, in this example, this would be PHP version 8.1.0-dev. Similarly to the Apache version, an attacker would be able to do a Google search and find that this version of PHP is affected by a backdoor which allows for RCE (Remote Code Execution).

Although the examples we’ve provided are strictly related to HTTP response headers, information disclosure can occur anywhere sensitive information can be viewed by the wider public, this can be in headers, HTML comments, robots files or even old web pages which the administrator may have forgotten to remove.

How to stop information disclosure

Preventing information disclosure can come down to something as simple as reviewing publicly accessible documents to ensure sensitive information is not being leaked. In regards to HTTP headers, depending on the web server in use you would need to refer to the official documentation, I have provided some links below to help with this.

Spread the love