Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-5689

Recovering fingerprints from web application technologies should not be possible

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Disable the fingerprinting of this web technology.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      ABAP, APEX, C#, C, C++, Cobol, CSS, Flex, Go, HTML, Java, JavaScript, Kotlin, Objective-C, PHP, PL/I, PL/SQL, Python, RPG, Ruby, Rust, Scala, Solidity, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Level:
      Control-flow Analysis
    • Analysis Scope:
      Main Sources, Test Sources
    • CWE:
      CWE-200
    • OWASP:
      A6

      Description

      The retrieval of technology fingerprints allows an attacker to gather information about the technologies used to develop the web application and to perform relevant security assessments more quickly (like the identification of known vulnerable components).

      It's recommended to not disclose technologies used on a website, with x-powered-by HTTP header for example.

      See

        Attachments

        1.
        JavaScript RSPEC-5690 Language-Specification Active Unassigned

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              eric.therond Eric Therond
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: