Skyport Systems: Nginx version disclosure via forbidden page

2016-12-28T04:55:03
ID H1:194319
Type hackerone
Reporter overlax
Modified 2017-02-07T18:17:40

Description

This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.

Impact: An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Steps to reproduce: 1. Go to https://skycontrol.skyportsystems.com/images/shell/ 2. Now the nginx version shows in bottom.