
php and apache version disclosure
Closed, Declined | Public

Description

Hi Team,

Web server fingerprinting is a critical task for the penetration tester. Knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing.

Please find the attached PoC for reference.

Thank you

Event Timeline

Bawolff added a subscriber: Bawolff.

This is not something we consider to be security sensitive in a Wikimedia context due to transparency reasons.

Maybe there could be an argument for having a config setting for third parties who want this, but I wouldn't be inclined to do it unless there was an actual real third party requesting it.

Bawolff renamed this task from Information Disclouser. to php and apache version disclosure. (Apr 14 2017, 6:11 PM)
Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".