Skyport Systems: Nginx version disclosure via forbidden page
2016-12-28T04:55:03
ID H1:194319 Type hackerone Reporter overlax Modified 2017-02-07T18:17:40
Description
This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.
Impact:
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Steps to reproduce:
1. Go to https://skycontrol.skyportsystems.com/images/shell/
2. Now the nginx version shows in bottom.
{"id": "H1:194319", "hash": "7544a0266c6a60244d7f4731316eeb4f", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Skyport Systems: Nginx version disclosure via forbidden page ", "description": "This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\nImpact: \nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\n\nSteps to reproduce: \n1. Go to ```https://skycontrol.skyportsystems.com/images/shell/```\n2. Now the nginx version shows in bottom. \n\n", "published": "2016-12-28T04:55:03", "modified": "2017-02-07T18:17:40", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/194319", "reporter": "overlax", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:13", "history": [{"lastseen": "2018-02-07T16:57:56", "edition": 4, "bulletin": {"id": "H1:194319", "hash": "35afd1d1f9b9490aa1093c24c1bd20fd1a74686923ca9064a0357b73e8dafcc2", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Skyport Systems: Nginx version disclosure via forbidden page ", "description": "This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\nImpact: \nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\n\nSteps to reproduce: \n1. Go to ```https://skycontrol.skyportsystems.com/images/shell/```\n2. Now the nginx version shows in bottom. \n\n", "published": "2016-12-28T04:55:03", "modified": "2017-02-07T18:17:40", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/194319", "reporter": "overlax", "references": [], "cvelist": [], "lastseen": "2018-02-07T16:57:56", "history": [], "viewCount": 2, "enchantments": {"score": {"vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C/", "value": 9.0, "modified": "2018-02-07T16:57:56"}}, "objectVersion": "1.4", "bounty": 25.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/001/256/b7d62350008b291c01cefafd0ca964d4d4af28b4_medium.png?1428684798", "small": "https://profile-photos.hackerone-user-content.com/production/000/001/256/c0b94a9e73fff9ccb4de1d19193b54a6e343d94c_small.png?1428684798"}, "url": "https://hackerone.com/skyportsystems", "handle": "skyportsystems"}, "h1reporter": {"disabled": false, "url": "/overlax", "username": "overlax", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/927/7f85f94dc64627697044208cd25b9011f8bc1a98_small.png?1491994503"}, "hacker_mediation": false, "is_me?": false}}, "differentElements": ["h1team", "h1reporter"]}, {"lastseen": "2017-08-22T11:09:37", "edition": 1, "bulletin": {"id": "H1:194319", "hash": "79431e93a734ee51028ac1feb764e830b4966a860cf0a8b57a720930ad64256a", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Skyport Systems: Nginx version disclosure via forbidden page ", "description": "This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\nImpact: \nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\n\nSteps to reproduce: \n1. Go to ```https://skycontrol.skyportsystems.com/images/shell/```\n2. Now the nginx version shows in bottom. \n\n", "published": "2016-12-28T04:55:03", "modified": "1970-01-01T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/194319", "reporter": "overlax", "references": [], "cvelist": [], "lastseen": "2017-08-22T11:09:37", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "bounty": 25.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/001/256/b7d62350008b291c01cefafd0ca964d4d4af28b4_medium.png?1428684798", "small": "https://profile-photos.hackerone-user-content.com/production/000/001/256/c0b94a9e73fff9ccb4de1d19193b54a6e343d94c_small.png?1428684798"}, "url": "https://hackerone.com/skyportsystems", "handle": "skyportsystems"}, "h1reporter": {"hacker_mediation": false, "url": "/overlax", "disabled": false, "username": "overlax", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/927/7f85f94dc64627697044208cd25b9011f8bc1a98_small.png?1491994503"}}}, "differentElements": ["h1reporter"]}, {"lastseen": "2017-08-28T23:19:22", "edition": 2, "bulletin": {"id": "H1:194319", "hash": "d213868794d0faf7ed44fbf9c4b8eb2c1a32ad917f08e1208787a74878ca04d3", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Skyport Systems: Nginx version disclosure via forbidden page ", "description": "This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\nImpact: \nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\n\nSteps to reproduce: \n1. Go to ```https://skycontrol.skyportsystems.com/images/shell/```\n2. Now the nginx version shows in bottom. \n\n", "published": "2016-12-28T04:55:03", "modified": "1970-01-01T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/194319", "reporter": "overlax", "references": [], "cvelist": [], "lastseen": "2017-08-28T23:19:22", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "bounty": 25.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/001/256/b7d62350008b291c01cefafd0ca964d4d4af28b4_medium.png?1428684798", "small": "https://profile-photos.hackerone-user-content.com/production/000/001/256/c0b94a9e73fff9ccb4de1d19193b54a6e343d94c_small.png?1428684798"}, "url": "https://hackerone.com/skyportsystems", "handle": "skyportsystems"}, "h1reporter": {"url": "/overlax", "username": "overlax", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/927/7f85f94dc64627697044208cd25b9011f8bc1a98_small.png?1491994503"}, "disabled": false, "hacker_mediation": false, "is_me?": false}}, "differentElements": ["modified"]}, {"lastseen": "2017-08-29T13:11:25", "edition": 3, "bulletin": {"id": "H1:194319", "hash": "d3aa7855fcdee43dc0f1b0a49c71906f068cf51a7fe42e1f1f76afc787736e55", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Skyport Systems: Nginx version disclosure via forbidden page ", "description": "This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\nImpact: \nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\n\nSteps to reproduce: \n1. Go to ```https://skycontrol.skyportsystems.com/images/shell/```\n2. Now the nginx version shows in bottom. \n\n", "published": "2016-12-28T04:55:03", "modified": "2017-02-07T18:17:40", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/194319", "reporter": "overlax", "references": [], "cvelist": [], "lastseen": "2017-08-29T13:11:25", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.0, "modified": "2017-08-29T13:11:25"}}, "objectVersion": "1.4", "bounty": 25.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/001/256/b7d62350008b291c01cefafd0ca964d4d4af28b4_medium.png?1428684798", "small": "https://profile-photos.hackerone-user-content.com/production/000/001/256/c0b94a9e73fff9ccb4de1d19193b54a6e343d94c_small.png?1428684798"}, "url": "https://hackerone.com/skyportsystems", "handle": "skyportsystems"}, "h1reporter": {"url": "/overlax", "username": "overlax", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/132/927/7f85f94dc64627697044208cd25b9011f8bc1a98_small.png?1491994503"}, "disabled": false, "hacker_mediation": false, "is_me?": false}}, "differentElements": ["h1reporter"]}], "viewCount": 2, "enchantments": {"score": {"value": 2.0, "vector": "NONE", "modified": "2018-04-19T17:34:13"}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:13"}, "vulnersScore": 2.0}, "objectVersion": "1.4", "bounty": 25.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/001/256/b7d62350008b291c01cefafd0ca964d4d4af28b4_medium.png?1428684798", "small": "https://profile-photos.hackerone-user-content.com/000/001/256/c0b94a9e73fff9ccb4de1d19193b54a6e343d94c_small.png?1428684798"}, "url": "https://hackerone.com/skyportsystems", "handle": "skyportsystems"}, "h1reporter": {"disabled": false, "url": "/overlax", "username": "overlax", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/132/927/7f85f94dc64627697044208cd25b9011f8bc1a98_small.png?1491994503"}, "hacker_mediation": false, "is_me?": false}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}
