Web Server Error Page Information Disclosure

medium Nessus Plugin ID 88490

Synopsis

The remote web server discloses information via a default error page.

Description

The default error page sent by the remote web server discloses information that can aid an attacker, such as the server version and languages used by the web server.

Solution

Modify the web server to not disclose detailed information about the underlying web server, or use a custom error page instead.

Plugin Details

Severity: Medium

ID: 88490

File Name: pci_www_error_page_info_disclosure.nasl

Version: 1.5

Type: remote

Family: Web Servers

Published: 1/29/2016

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport