Version Disclosure (CakePHP Framework)

Severity: Low

Summary#

Invicti identified a version disclosure (CakePHP Framework) in the target web server's HTTP response.

This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of CakePHP Framework.

Impact#

An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Remediation#

Configure your web server to prevent information leakage from its HTTP response.

Classifications#

CAPEC-170, CWE-205, WASC-13, OWASP 2017-A6, ISO27001-A.18.1.3, HIPAA-164.306(a), 164.308(a), OWASP 2013-A5

Invicti Security Insights

Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul’s Security Weekly Podcast
End of Support for PHP 5 and PHP 7.0
The Powerful Resource of PHP Stream Wrappers
Sven Morgenroth Talks About PHP Type Juggling on Paul’s Security Weekly Podcast
Detailed Explanation of PHP Type Juggling Vulnerabilities

Version Disclosure (CakePHP Framework)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.