Server version disclosure vulnerability

RESOLVED INVALID

Status

Invalid Bugs
General
RESOLVED INVALID
2 years ago
2 years ago

People

(Reporter: Mahmoud Osama, Unassigned)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Created attachment 8818137 [details]
IMG_1507.PNG

User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_1_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) CriOS/55.0.2883.79 Mobile/14B100 Safari/602.1

Steps to reproduce:

1- go to http://peopel.mozila.com/
2- you will redirect to http://peopel.mozila.com/cgi-sys/defaultwebpage.cgi
3- Now go to http://peopel.mozila.com/cgi-sys/

You will see the server info 

Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 



Actual results:

The server showed me All info about all programs ***Versions*** you installed in your server it is misconfigration in forbedin folder in your server 

More info : https://msdn.microsoft.com/en-us/library/aa738441(v=vs.110).aspx

BTW it is effect a lot of subdomains will send you the list of effected subdomains 


Expected results:

You will see this info Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 in the forbidden page
(Reporter)

Comment 1

2 years ago
Oops sorry for that I did mistake this site not Mozilla sorry for that :(
Component: Untriaged → Workers
Product: Firefox → Tamarin
(Reporter)

Comment 2

2 years ago
Sorry for this mistake I didn't notice that :-(
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Component: Workers → General
Product: Tamarin → Invalid Bugs
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.