Yelp: Nginx version disclosure via forbidden page

2017-01-12T16:56:58
ID H1:197880
Type hackerone
Reporter overlax
Modified 2017-11-21T18:28:30

Description

This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.

Impact: An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Steps to reproduce:

1. Go to https://engineeringblog.yelp.com/images/previews/
2. Now the nginx version, nginx/1.11.3, shows at the bottom of the error page.

I hope this will be fixed soon :))

Have a nice day guys, ~Ry
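
The following check is an added example, not part of the original report: it scans a captured HTTP response for an nginx version token in the error-page footer described above and, going slightly beyond the report, in the `Server` header as well. The sample responses are constructed (modelled on nginx's built-in 403 page), the function names are hypothetical, and the hardened sample shows what the response looks like once `server_tokens off;` is set.

```python
import re

# nginx appends "nginx/<version>" to the Server header and to the footer of its
# built-in error pages unless "server_tokens off;" is configured.
VERSION_RE = re.compile(r"\bnginx/(\d+(?:\.\d+){1,3})\b", re.IGNORECASE)


def split_response(raw):
    """Split a raw HTTP/1.x response into (status, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def find_version_leaks(raw):
    """Return (location, version) for every place the nginx version appears."""
    status, headers, body = split_response(raw)
    leaks = []
    m = VERSION_RE.search(headers.get("server", ""))
    if m:
        leaks.append(("server-header", m.group(1)))
    # Built-in error pages (4xx/5xx) repeat the token in the page footer.
    if status >= 400:
        for m in VERSION_RE.finditer(body):
            leaks.append(("error-page-body", m.group(1)))
    return leaks


def sample_403(token):
    """Constructed 403 response in the shape of nginx's default error page."""
    body = ("<html>\r\n<head><title>403 Forbidden</title></head>\r\n"
            "<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n"
            f"<hr><center>{token}</center>\r\n</body>\r\n</html>\r\n")
    return (f"HTTP/1.1 403 Forbidden\r\nServer: {token}\r\n"
            f"Content-Type: text/html\r\nContent-Length: {len(body)}\r\n\r\n{body}")


LEAKY = sample_403("nginx/1.11.3")   # constructed: version tokens enabled
HARDENED = sample_403("nginx")       # constructed: after server_tokens off;

if __name__ == "__main__":
    print(find_version_leaks(LEAKY))
    print(find_version_leaks(HARDENED))
```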