Yelp: Nginx version disclosure via forbidden page

ID H1:197880
Type hackerone
Reporter overlax
Modified 2017-11-21T18:28:30


This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.

Impact: An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Steps to reproduce: 1. Go to 2. Now the nginx version: nginx/1.11.3 shows in bottom of the error page.

I hope this will fixed soon :))

Have a nice day guys, ~Ry