Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by heller452 - 22.09.2024
Last edited by cbay - 23.09.2024

FS#79 - Nginx version leaking Information Disclosure

Dear Security Team,

Introduction: I hope this message finds you well. I am reaching out to bring to your attention a Critical severity issue that has been identified during my recent assessment: Information Disclosure Vulnerability Report. The details of the vulnerability can be found in the comprehensive report provided below.

Vulnerability Name: NGINX Version 1.14.2 Leaking

Vulnerability Description: The NGINX Server Version Information Leakage Vulnerability exposes sensitive server version details, potentially aiding malicious actors in crafting targeted attacks against vulnerable systems. By exploiting this vulnerability, attackers can ascertain specific NGINX server versions running on target hosts, facilitating the identification of potential security weaknesses or outdated software versions susceptible to known exploits. This information disclosure could lead to unauthorized access, data breaches, or system compromise, posing significant risks to affected organizations' security posture and integrity of their web infrastructure.

Steps To Reproduce:

1. http://overlord2.alwaysdata.com go to this url and intercept this request (In my case: Burp-Suite).
2. Send this request to repeater & Observe Response.

http://overlord2.alwaysdata.com: Server: nginx/1.14.2



Reference :-
https://www.cybersecurity-help.cz/vdb/SB2021052543 www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.143920

Impact: Malicious actors could craft targeted attacks against vulnerable systems.

The NGINX server version leaking vulnerability exposes organizations to significant risks:
Security Breaches: Attackers can exploit version leakage to identify known vulnerabilities in specific NGINX versions, facilitating targeted attacks.

Information Disclosure: Exposing server versions enables attackers to gather intelligence about the server environment, potentially leading to further exploitation or unauthorized access.

System Compromise: Malicious actors can exploit this vulnerability to launch attacks tailored to specific NGINX versions, potentially leading to system compromise, data theft, or disruption of services.

Mitigation:

1. Update NGINX: Regularly update NGINX to the latest stable version to patch known vulnerabilities and reduce the risk of exploitation.

2. Remove Server Tokens: Configure NGINX to hide version information from HTTP response headers using the server_tokens directive.

3. Security Hardening: Implement security measures like Web Application Firewalls (WAFs) and Intrusion Detection Systems (IDS) to monitor and filter malicious traffic targeting NGINX servers.

4. Error Page Customization: Customize error pages to provide minimal information to potential attackers, avoiding disclosure of server version information.

5. Limit Information Exposure: Minimize information exposure by configuring NGINX to reveal only necessary details in error messages and server responses.

I am committed to assisting you in addressing this issue promptly. Please feel free to contact me for any clarification or assistance in implementing the recommended mitigation measures.

Thank you for your attention to this matter, and I look forward to your prompt action in securing your website.

Best regards,

Sanjith Roshan U

Security Researcher

Closed by  cbay
23.09.2024 07:22
Reason for closing:  Invalid
Admin
cbay commented on 23.09.2024 07:22

Hello,

`overlord2.alwaysdata.com` pointed to an IP that didn't belong to us (an old IP that we used like 10 years ago). It means that the `Server: nginx/1.14.2` was not returned by a server that we own.

We've deleted the DNS record for `overlord2.alwaysdata.com` as it was abandoned anyway.

Thanks,
Cyril

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing