
Version Disclosure Vulnerability

  • Abdul Aziz
  • Oct 2, 2021
  • 2 min read

Information about the server OS is critical because it discloses the update lifecycle and current state of the OS, along with the weaknesses that can be exploited. As an adversary, my first action would be to look up the current Common Vulnerabilities and Exposures (CVEs) for the OS running on the server (such as Ubuntu) and then move on to the application running on the server (such as PHP).

HTTP headers in a response may expose the version of the technology in use, which points to the vulnerabilities that possibly exist in that exposed version. Such information can be used to exploit any existing vulnerability of that technology version.

Vendors such as Apache, Microsoft, PHP and others use these headers to evaluate their share of the server hosting market. The harder an attacker must work to identify a system's technology, the more detectable their actions will be. This makes it possible to better prepare for and monitor the attack and mitigate its effects.




POC

As per the snap below, the disclosure of the server and its version can be observed. A threat actor may use this information and dig for exploits against the common vulnerabilities.



To mitigate the vulnerability, the values of the response headers 'Server' and 'X-Powered-By' need to be hidden using the code below:


expose_php = off

The above code can be placed in two locations (example: Apache):

  1. httpd.conf: the Apache config file.

  2. .htaccess: the htaccess file, a separate file that can be used to override the Apache config file for the HTTP headers. The file name starts with a dot, meaning it is a hidden file, and it can be created if it is not found in the directory.



As per the above snap, the version disclosure vulnerability can be observed as fixed.
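The before and after states described above can also be checked without a screenshot. The following is an added example, not part of the original post: it parses a raw HTTP response and reports any product version or platform detail left in the 'Server' and 'X-Powered-By' headers. The function names, sample responses and version numbers are constructed for illustration.

```python
import re

# Headers named in the post; HTTP header names are case-insensitive.
WATCHED = ("server", "x-powered-by")
# A product token followed by a version, e.g. "Apache/2.4.41" or "PHP/7.4.3".
VERSION_RE = re.compile(r"[A-Za-z][\w.+-]*/\d+(?:\.\d+)*")
# A parenthesised comment, which Apache uses for the OS, e.g. "(Ubuntu)".
COMMENT_RE = re.compile(r"\(([^)]+)\)")

def parse_headers(raw_response):
    """Return [(name, value)] from the header block of a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def find_disclosures(raw_response):
    """Return findings as (header, value, reason) tuples."""
    findings = []
    for name, value in parse_headers(raw_response):
        if name.lower() not in WATCHED:
            continue
        for token in VERSION_RE.findall(value):
            findings.append((name, value, "product version " + token))
        for comment in COMMENT_RE.findall(value):
            findings.append((name, value, "platform detail " + comment))
        if name.lower() == "x-powered-by" and not VERSION_RE.search(value):
            findings.append((name, value, "technology name exposed"))
    return findings

# Constructed sample responses (not captured from a real server).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n\r\n<html></html>"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n\r\n<html></html>"
)

if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        print(label, find_disclosures(response) or "no version disclosure")
```

Feed it the response headers of your own server after the change; any finding that remains identifies the header that still discloses something.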



 
 
 
